PREFACE



The Defense Science Board Task Force on Information Warfare (Defense) was established at the direction of the Under Secretary of Defense for Acquisition and Technology. By USD(A&T) Memorandum for the Chairman, Defense Science Board, dated October 4, 1995, the Task Force was directed to "focus on protection of information interests of national importance through the establishment and maintenance of a credible information warfare defensive capability in several areas, including deterrence." Specifically, the Task Force was asked to:

• Identify the information users of national interest who can be attacked through the 
shared elements of the national information infrastructure. 

• Determine the scope of national information interests to be defended by information 
warfare defense and deterrence capabilities. 

• Characterize the procedures, processes, and mechanisms required to defend against 
various classes of threats to the national information infrastructure and the 
information users of national interest. 

• Identify the indications and warning, tactical warning, and attack assessment procedures, processes, and mechanisms needed to anticipate, detect, and characterize attacks on the national information infrastructure and/or attacks on the information users of national interest.

• Identify the reasonable roles of government and the private sector, alone and in 
concert, in creating, managing, and operating a national information warfare-defense 
capability. 

• Provide specific guidelines for implementation of the Task Force's recommendations. 

For the purpose of this report, the terms national and national-level are assumed to include 
Federal, state and local governments, academia, associations, public interest organizations, 
and the private sector. 

This report presents the conclusions and recommendations of the Task Force based on study 
efforts of the Task Force and Panels created by the Task Force to address specific areas of 
interest. The report is organized as follows: 

• Executive Summary. 

• Section 1, Introduction, provides background information. 

• Section 2, Environment, describes factors pertinent to the study effort. 

• Section 3, Observations, provides the major findings of the Task Force. 

• Section 4, What Should We Defend?, identifies the information users of national 
interest and scope of interests to be defended. 

• Section 5, How Should We Defend?, suggests processes and procedures necessary to defend the users against the threats. It includes a discussion of required indications and warning, tactical warning, attack assessment, and continuity of operations organizations and procedures.

• Section 6, Recommendations, presents recommendations, and provides specific 
guidelines for implementing the recommendations. It includes a discussion of the 
reasonable roles of government and the private sector and concludes with resources, in 
addition to current INFOSEC budgets, required to implement the recommendations. 

• Section 7, Summary, briefly summarizes the report and suggests some immediate 
actions. 

Appendices are provided as background and resource information. They do not represent a 
consensus view of the Task Force and recommendations contained in the Appendices are 
not Task Force recommendations to the Department. Some of the appendices were used in 
part as input to the main body of this report. Other appendices are provided because they 
contain useful information for further discussion of matters addressed in the main body of the 
report. 

At about the same time that the Task Force was created, the President signed a major policy directive regarding the protection of critical infrastructures such as telecommunications, electric power, and transportation. This directive resulted in the creation of a Critical Infrastructures Working Group (CIWG) to address the manner in which the directive should be implemented. The CIWG recommendations were implemented with some modification in Executive Order 13010, Critical Infrastructure Protection, which was signed by the President on July 15, 1996. E.O. 13010 establishes a President's Commission to, in part,

• Assess the scope and nature of the vulnerabilities of, and threats to, critical 
infrastructures, 

• Determine what legal and policy issues are raised by efforts to protect critical 
infrastructures, and 

• Recommend a comprehensive national policy and implementation strategy for 
protecting critical infrastructures from physical and cyber threats and assuring their 
continued operation. 

Given these parallel and closely related activities, the Task Force elected to address information warfare (defense) issues and provide conclusions from both the national and Department of Defense perspectives. However, the Task Force recommendations are specifically oriented on the Department of Defense. Department of Defense dependencies on national level activities for information warfare (defense) are provided to the Secretary of Defense for possible transmittal to the President's Commission for use in their deliberations.
EXECUTIVE SUMMARY

The Environment

The national security posture of the United States is becoming increasingly dependent on U.S. and international infrastructures. These infrastructures are highly interdependent, particularly because of the inter-netted nature of the information components and because of their reliance on the national information infrastructure. The information infrastructure depends, in turn, upon other infrastructures such as electrical power.

Protecting the infrastructures against physical and electronic attacks and ensuring the availability of the infrastructures will be complicated. These infrastructures are provided mostly (and in some cases exclusively) by the commercial sector; regulated in part by federal, state, and local governments; and significantly influenced by market forces. Commercial services from the national information infrastructure provide the vast majority of the telecommunications portion of the Defense Information Infrastructure (DII). These services are regulated by Federal and state agencies. Local government agencies regulate the cable television portion of the information infrastructure. Power generation and distribution are provided by very diverse activities: the Federal government, public utilities, cooperatives, and private companies. Interstate telecommunications are regulated by the Federal Communications Commission, intrastate telecommunications by the state public utilities commissions. Interstate power distribution is regulated by the Federal Energy Regulatory Commission, intrastate power generation and distribution by the state public utilities commissions.

Observations 

Information infrastructures are vulnerable to attack. While this in itself poses a national security threat, the linkage between information systems and traditional critical infrastructures has increased the scope and potential of the information warfare threat. For economic reasons, increasing deregulation and competition create an increased reliance on information systems to operate, maintain, and monitor critical infrastructures. This in turn creates a tunnel of vulnerability previously unrealized in the history of conflict.

Information warfare offers a veil of anonymity to potential attackers. Attackers can hide in the mesh of inter-netted systems and often use previously conquered systems to launch their attacks. The lack of geographical, spatial, and political boundaries offers further anonymity and legal and regulatory arbitrage; this lack also invalidates previously established "nation-state" sanctuaries. Information warfare is also relatively cheap to wage, offering a high return on investment for resource-poor adversaries. The technology required to mount attacks is relatively simple and ubiquitous. During information warfare, demand for information will dramatically increase while the capacity of the information infrastructure will most certainly decrease. The law, particularly international law, is currently ambiguous regarding criminality in and acts of war on information infrastructures. This ambiguity, coupled with a lack of clearly designated responsibilities for electronic defense, hinders the development of remedies and limits response options.

Exhibit ES-1 shows additional observations. 



• Information warfare has been particularly troublesome for 
the intelligence community 

• We lack a common vocabulary 

• Resources are focused on classified content and systems 

• It is easy to make the IW-D problem too hard 

• Acquisition policy and practices pose dilemmas 

• However, a lot can be done 

• And DoD must start now! 



Exhibit ES-1. Observations 

What Should We Defend? 

The current Administration's national security strategy for the United States suggests that the nation's "economic and security interests are increasingly inseparable" and that "we simply cannot be successful in advancing our interests — political, military and economic — without active engagement in world affairs." In the broad sense, then, the scope of national information interests to be defended by information warfare defense and deterrence capabilities are those political, military, and economic interests. These include the continuity of a democratic form of government and a free market economy, the ability to conduct effective diplomacy, a favorable balance of trade, and a military force that is ready to fight and that can be deployed where needed. These interests are supported by the delivery of goods and services that result from the conduct of functional activities such as manufacturing, governing, banking and finance, and the like. Some of these activities are critical to the nation's political, military, and economic interests. These critical functional activities, in turn, depend on information technology and critical infrastructures such as banking and finance, electric power, telecommunications, and transportation.

In general, U.S. infrastructures are extremely reliable and available because they have been designed to respond to disruptions, particularly those caused by natural phenomena. Redundancy and diverse routing are two examples of design techniques used to improve reliability and availability. However, deregulation and increased competition cause companies operating these infrastructures to rely more and more on information technology to centralize control of their operations, to support critical functions, and to deliver goods and services. Centralization and reliance on broadly networked information systems increase the vulnerabilities of the infrastructures and the likelihood of disruptions or malevolent attacks.

The information users of national interest who can be attacked through the shared elements of the national information infrastructure are those responsible for performing the critical functions.

The Department of Defense (DoD) must preserve its ability to fulfill its basic missions. To do [so, it must ensure the] availability of information necessary to fulfill those missions. The intertwined nature of the functions of national interest and supporting infrastructures add to the complexity [text illegible in source] critical functions which have national security implications and which [text illegible in source] national functions.
How Should We Defend?

The concept for defending the information infrastructure and the information components of other critical infrastructures includes the following principles:

• [Text largely illegible in source; fragment reads "... in the presence of information ..."]

• [A minimum essential information] infrastructure capability must exist to support these critical functions.

• Point and layered defenses are preferable to area defenses.

• The infrastructure must be designed to function in the presence of failed components, systems, and networks. The risk associated with failed components, systems, and networks must be managed since it cannot be avoided.

• [Text largely illegible in source; fragment reads "The infrastructure must ... dependent on ... of the ..."]

• The infrastructure must be capable of being repaired.

[Text illegible in source.] In the information age, as in the nuclear age, deterrence is the first line of defense. This deterrence must include an expression of national will expressed in law and conduct, a declaratory policy relative to the consequences of an information warfare attack, [text illegible in source]. [Because the technology needed to wage] information warfare is simple and ubiquitous, some form of infrastructure robustness and protection is essential. It is technically and economically impossible to design and protect the infrastructure to withstand any and all disruptions. [The risk can be] managed, however, by [word illegible] selected portions of the infrastructure that support critical functions and activities necessary for [text illegible in source], and by [verifying] through independent assessments that the design principles are being followed and that protective [measures are effective]. [Text largely illegible in source; fragment reads "... monitoring, detection of incidents, and warning of the ..."] and detection of infrastructure disruptions, intrusions, and attacks are also an integral part of the defense against information warfare. Providing an effective monitoring and detection capability will require some policy initiatives, some legal clarification, and an ambitious research and development program. The telecommunications infrastructure will be subject to some form of attack, and we should have some capability to limit the damage that results and to restore the infrastructure. Little research has been devoted to the basic procedures necessary to contain "battle" damage, let alone the tools which might provide some automated form of damage control. Some form of attack assessment is essential to determine the impact of an attack on critical functions and the appropriate response to an attack. Restoration of the infrastructure implies some capability to repair the damage and the availability of resources such as personnel, standby services contracts, and the like. The basic functions of monitoring, detection, damage control, and restoration must begin at the lowest possible operating level. Reports of the activity must be passed to regional, DoD, and national-level organizations to establish patterns of activity and to request assistance as needed in damage control and restoration. Finally, some form of response to the intrusions or attacks may be necessary to deter future intrusions or attacks. The response could entail civil or criminal prosecution, use of military force, perception management, diplomatic initiatives, or economic mandates. Because response might also involve offensive information warfare, this report does not address it in detail.

Recommendations 

The Task Force makes 13 key recommendations as shown in Exhibit ES-2. The Task Force 
considers these recommendations as imperatives. 

Bottom Line - DoD has an urgent need to:

1. Designate an accountable IW focal point

2. Organize for IW-D

3. Increase awareness

4. Assess infrastructure dependencies and vulnerabilities

5. Define threat conditions and responses

6. Assess IW-D readiness

7. "Raise the bar" (with high-payoff, low-cost items)

8. Establish a minimum essential information infrastructure

9. Focus the R&D

10. Staff for success

11. Resolve the legal issues

12. Participate fully in critical infrastructure protection

13. Provide the resources

DSB has been urging action on this problem for 3 years!



Exhibit ES-2. Recommendations 

In addition, the Task Force made over 50 additional recommendations, which are categorized under these key recommendations. (Note that the first recommendation addresses all of information warfare, not just defensive information warfare.) The Task Force attempted to prioritize these "key recommendations," but in the end decided that portions of all of these key recommendations should be implemented immediately.

The following discussions provide all of the recommendations made by the Task Force. The parenthetical entry following each of the key recommendations identifies the section of the report in which the recommendations are discussed in detail.

1. Designate an accountable IW focal point (6.1). This is the most important recommendation the Task Force offers. The Task Force believes that the Secretary of Defense needs a single focal point charged to provide staff supervision of the complex activities and interrelationships that are involved in this new warfare area. This includes oversight of both offensive and defensive information warfare planning, technology development and resources. The SECDEF should:

1a. Designate ASD(C3I) as the accountable focal point for all IW issues.

1a(1). Develop a plan and associated budget beginning in FY 97 to obtain the needed IW-D capability.

1a(2). Authorize ASD(C3I) to issue IW instructions.

1a(3). Consider establishing a USD(Information).

1b. Establish a DASD(IW) and supporting staff to bring together as many IW functions as possible.

2. Organize for IW-D (6.2). This key recommendation identifies the need for specific IW-D 
related capabilities and organizations to provide or support the capabilities. While not 
specifically addressed by the Task Force, virtual organizations that draw on existing assets and 
capabilities can be established. 

2a. Establish a center to provide strategic indications and warning, current 
intelligence, and threat assessments. The SECDEF should request the DCI to: 

2a(1). Establish an I&W/TA center at NSA with CIA and DIA support.

2a(2). Task and resource the Intelligence Community to develop the 
processes for Current Intelligence, Indications and Warning, and Threat 
Assessments for IW-D. 

2a(3). Encourage the Intelligence Community to develop information-age 
trade craft, staff with the right skills, and train for the information age. 

2a(4). Conduct comprehensive case studies of U.S. offensive programs and a 
former foreign program to identify potential indicators — collection, funding, 
training, etc. 

2a(5). Establish an organization to examine and analyze probable causes of 
all security breaches. 

2a(6). Develop and implement an integrated National Intelligence 
Exploitation Architecture to support the organization and processes. 
In addition, the SECDEF should:

2a(7). Direct the development of IW Essential Elements of Information. 

2b. Establish a center for IW-D operations to provide tactical warning, attack 
assessment, emergency response, and infrastructure restoration capabilities. The 
SECDEF should: 

2b(1). Establish a DoD IW-D operations center at DISA with NCS, NSA, and DIA support.

2b(2). Develop and implement distributed tactical warning, attack assessment, emergency response, and infrastructure restoration procedures.

2b(3). Interface the operations center with Service and Agency capabilities 
and I&W/TA support. 

2b(4). Establish necessary liaison (e.g., with military and government 
operations centers, service providers, intelligence agencies, and computer 
emergency response centers). 

2c. The SECDEF should establish an IW-D planning and coordination center reporting to the ASD(C3I) with interfaces to the intelligence community, the Joint Staff, the law enforcement community, and the operations center. This center will: develop an IW planning framework; assess IW policy, plans, intelligence support, allocation of resources, and IW incidents; develop procedures and metrics for assessing infrastructure and information dependencies; and facilitate sharing of sensitive information such as threats, vulnerabilities, fixes, tools, and techniques within DoD and among government agencies, the private sector, and professional associations.

2d. Establish a joint office for system, network and infrastructure design. This office will: develop and promulgate IW-D policies, architectures, and standards; design the information infrastructure for utility, resiliency, repairability, and security; develop and implement an IW-D configuration management process; and conduct independent verification of design and procurement specifications to ensure compliance with the design. The SECDEF should:

2d(1). Establish a joint security architecture/design office within DISA to shape the design of the DoD information infrastructure.

2d(2). Establish a process to verify independently and enforce adherence to these design principles.

2e. Establish a Red Team for independent assessments. The Red Team would assess the vulnerabilities of new systems and services and would conduct "IW-like" attacks to verify the readiness posture and preparedness of the fighting forces and supporting activities. The SECDEF should:


2e(1). Establish a Red Team which is accountable to SECDEF/DEPSECDEF and independent of design, acquisition, and operations activities.

2e(2). Develop procedures for employment of the Red Team. 

3. Increase awareness (6.3). The Task Force strongly suggests the need to make senior-level government and industry leaders aware of the vulnerabilities and of the implications. To that end, the SECDEF should:

3a. Establish an internal and external IW-D awareness campaign for the public, 
industry, CINCs, Services, and Agencies. 

3b. Expand the IW Net Assessment recommended by the 1994 Summer Study to include assessing the vulnerabilities of the DII and NII.

3c. Review joint doctrine for needed IW-D emphasis.

3d. Explore possibility of large-scale IW-D demonstrations for the purpose of 
understanding cascading effects and collecting data for simulations. 

3e. Develop and implement simulations to demonstrate and play IW-D effects 
(USD(A&T) lead). 

3f. Implement policy to include IW-D realism in exercises. 
3g. Conduct IW-D experiments. 

4. Assess infrastructure dependencies and vulnerabilities (6.4). Various infrastructures are 
vitally needed to support mobilization, deployment, and employment of forces and to control and 
sustain those forces. Some of these interconnected infrastructures are known to have single 
points of failure. Therefore, the SECDEF should: 

4a. Develop a process and metrics for assessing infrastructure dependency. 

4b. Assess/document operations plans infrastructure dependencies. 

4c. Assess/document functional infrastructure dependencies. 

4d. Assess infrastructure vulnerabilities. 

4e. Develop a list of essential infrastructure protection needs. 

4f. Develop and report to the SECDEF the resource estimates for essential 
infrastructure protection. 

4g. Review vulnerabilities of hardware and software embedded in weapons systems. 

5. Define threat conditions and responses (6.5). Conditions analogous to DEFCON should be developed to provide a common understanding of IW threat conditions. Appropriate responses to these conditions should also be developed using the Task Force suggestions outlined in the report as a starting point. The SECDEF should:
5a. Define and promulgate a useful set of IW-D threat conditions which is coordinated with current intelligence community threat condition definitions.

5b. Define and implement responses to IW-D threat conditions. 
5c. Explore legislative and regulatory implications.

6. Assess IW-D readiness (6.6). A standardized process is necessary to enable commanders to assess and report their operational readiness status as it relates to their specific dependency on information and information services. Using the standard vocabulary suggested by the Task Force, the SECDEF should:

6a. Establish a standardized IW-D assessment system for use by CINCs, MilDeps, Services, and Combat Support Agencies.

6b. Incorporate IW preparedness assessments in Joint Reporting System and Joint 
Doctrine, for example. 

7. "Raise the bar" with high-payoff, low-cost items (6.7). There are a number of low-cost activities the Department can undertake to "raise the bar" significantly for potential systems and network intruders. Three specific Task Force recommendations are that the SECDEF should:

7a. Direct the immediate use of approved products for access control as an interim until a MISSI solution is implemented and for those users not programmed to receive MISSI products.

7b. Examine the feasibility of using approved products for identification and 
authentication. 

7c. Require use of escrowed encryption for critical assets such as databases, 
program libraries, applications, and transaction logs to preclude rogue employees 
from locking up systems and networks. 

8. Establish and maintain a minimum essential information infrastructure (6.8). A strategy and an overall architecture concept employing existing core capabilities such as Milstar must be developed to serve as a means for restoring services for critical functions and adapting to large-scale outages. The SECDEF should:

8a. Define options with associated costs and schedules. 

8b. Identify minimum essential conventional force structure and supporting information infrastructure needs.

8c. Prioritize critical functions and infrastructure dependencies.

8d. Design a Defense MEII and a failsafe restoration capability. 

8e. Issue direction to the Defense Components to fence funds for a Defense MEII 
and failsafe restoration capability. 
9. Focus the R&D (6.9). While many commercial and approved security products are available, [text illegible in source] needs in large-scale distributed computing environments and generally do not protect against [remainder illegible in source].
9a. Develop robust survivable system architectures. 

9b. Develop [techniques and tools for modeling], monitoring, and management of large-scale distributed/networked systems.

9c. Develop tools and techniques for automated detection and analysis of localized or coordinated large-scale attacks.

9d. Develop tools for synthesizing and projecting the anticipated performance of survivable distributed systems.

9e. Develop tools and environments for IW-D oriented operational training. 

9f. Develop [testbeds and] simulation-based mechanisms for evaluating emerging IW-D technology and tactics.

In addition, the SECDEF should work with the National Science Foundation to: 

9g. Develop research in U.S. computer science and computer engineering programs.

9h. Develop educational programs for curriculum development at the undergraduate and graduate levels in resilient system design practices.

10. Staff for success (6.10). A cadre of high-quality, trained professionals with recognized career paths is an essential ingredient for defending present and future information systems. The Task Force recommends that the SECDEF:

10a. Establish a career path and mandate training and certification of systems and network administrators.

10b. Establish a military skill specialty for IW-D. 

10c. Develop specific IW awareness courses with strong focus on operational preparedness in DoD's professional schools.

11. Resolve the legal issues (6.11). The use of distributed computing has and will continue to further blur the boundaries of the systems and networks that the Department uses. [Text illegible in source] approach is needed. Government-wide guidance, and perhaps legislation as well, are needed in the areas of Department assistance to the private sector (e.g., Computer Security Act), tracing attackers of unknown nationality (intelligence versus U.S. persons), tracking attackers through multiple systems, and obtaining/requiring reports of computer-related incidents from the private sector owners and operators of critical infrastructures. The SECDEF should:
11a. Promulgate for Department of Defense systems:

• Guidance and unequivocal authority for Department users to monitor, 
record data, and repel intruders in computer systems for self protection, 

• Direction to use banners that make it clear the Department's 
presumption that intruders have hostile intent and warn that the 
Department will take the appropriate response. 

• IW-D rules of engagement for self-protection (including active response) and civil infrastructure support.

11b. Provide to the Presidential Commission on Critical Infrastructure Protection proposed legislation, regulation, or executive orders for defending other systems.

12. Participate fully in critical infrastructure protection (6.12). The Task Force makes the following recommendations to the SECDEF regarding the activities of the President's Commission on Critical Infrastructure Protection. Detailed suggestions for each of the below recommendations are outlined in Section 6.12.

12a. Offer specific Department capabilities to the President's Commission. 

12b. Advocate the Department's interests to the President's Commission.

12c. Request the Commission provide certain national-level capabilities for the Department.

12d. Suggest IW-D roles for government and the private sector. 

13. Provide the resources (6.13). The Task Force reviewed all of the individual 
recommendations categorized under the key recommendations and estimated to $5 million 
granularity what the implementation costs might be. The cost estimate is $3.01 billion over 
fiscal years 1997 through 2001. However, the Department should make a detailed estimate. 
SECTION 1.0



INTRODUCTION 



The Task Force was formed in November of 1995. It met formally eight times. Four individual 
panels were formed to address specific issues and each met about the same number of times. 
During the course of the study, the Task Force drew upon previous DSB Task Force efforts. 
Some recurring themes will be pointed out later in the report. 

The objective of the study was to make recommendations regarding the creation and maintenance 
of specific aspects of a national information warfare defense capability. Exhibit 1-1 shows the 
specific tasks outlined by the terms of reference. 



• TOR #1 - Identify the information users of national interest who can be 
attacked through the shared elements of the national information 
infrastructure. This should include telecommunications, public 
transportation, financial services, public safety, and the mission essential 
functions of the Department of Defense. 

• TOR #2 - Determine the scope of national information interests to be 
defended by information warfare defense and deterrence capabilities. 

• TOR #3 - Characterize the procedures, processes, and mechanisms required to defend against various classes of threats to the national information infrastructure and the information users of national interest.

• TOR #4 - Identify the indications and warning, tactical warning, and attack assessment procedures, processes, and mechanisms needed to anticipate, detect, and characterize attacks on the national information infrastructure and/or attacks on the information users of national interest.

• TOR #5 - Identify the reasonable roles of government and the private 
sector, alone and in concert, in creating, managing, and operating a 
national information warfare-defense capability. 

• TOR #6 - Provide specific guidelines for implementation of the Task Force's recommendations.



Exhibit 1-1. Terms of Reference 

In addition to the Terms of Reference objectives, the Task Force was requested to look at 
additional items of interest shown in Exhibit 1-2. The National Research Council study was 
mandated by Public Law 103-160, Defense Authorization Bill for Fiscal Year 1994, November 
30, 1993. Pre-publication copies of the NRC report were released May 30, 1996. Because of the 
potential role of cryptography in information warfare-defense (IW-D), the Task Force was 
encouraged to review the NRC report in the context of the Task Force deliberations. To avoid 
duplication and to provide additional focus to the study, the Task Force received briefings on the 
study of the Global Information Infrastructure sponsored by the Director of Central Intelligence. 
This excellent study effort provided valuable insights into the global implications of defensive 
information warfare. 



• DoD 
  - Organization for defensive information warfare 
  - Legislation and enforcement 
  - Enabling technologies 
  - Indications and warning/response center 
  - Intellectual framework/taxonomy 
  - Intelligence community 
  - Red teaming 

• NRC study on "Cryptography's Role in Securing the Information Society" 

• DCI study of the Global Information Infrastructure 

• Presidential Commission on Critical Infrastructure Protection 

Exhibit 1-2. Additional Items of Interest 

During the Task Force deliberations, the President signed Presidential Decision Directive 39 (late 
1995) and Executive Order 13010 (July 15, 1996). These established a President's Commission 
on Critical Infrastructure Protection. The Commission was tasked to develop a comprehensive 
national policy and implementation strategy for protecting critical infrastructures from physical 
and cyber threats. The Task Force was advised that after review and approval of the Task Force 
report by OUSD(A&T), the Defense Science Board will forward its report to the Commission as 
a "statement of DoD issues, concerns, requirements, and recommendations." 

The sponsors of the study were the Honorable Emmett Paige, Jr., Assistant Secretary of Defense 
for C3I; and VADM Arthur K. Cebrowski, Director for C4 Systems, Joint Staff. 

Task Force members are shown in Exhibit 1-3. A variety of disciplines were 
represented — academia, the telecommunications, banking, and aerospace industries, systems 
integrators, former military — and a number of members with former government service. In 
order to examine the issues more closely, the Task Force organized into four panels. 



Mr. Duane Andrews, Chairman 
Mr. Donald C. Latham, Vice Chairman 

Mr. John G. Grimes, Org'n and Mgmt Panel Chairman 
Gen. Bernard P. Randolph, USAF (Ret), Technology Panel Chairman 
Mr. Paul A. Strassmann, Policy Panel Chairman 
Mr. Lawrence T. Wright, Threat Panel Chairman 

Mr. Edward C. Aldridge 
Mr. Stewart A. Baker 
Dr. Delores M. Etter 
Mr. Charles A. Fowler 
Dr. George H. Heilmeier 
Mr. John Lane 
Mr. Alan J. McLaughlin 
Mr. Bob Nesbit 
Dr. Percy A. Pierre 
Mr. John P. Stenbit 
Mr. Lowell E. Thomas 
ADM Harry D. Train II, USN (Ret) 
Dr. Willis H. Ware 

CDR Frank Klein, Executive Secretary 

Exhibit 1-3. Task Force Members 
SECTION 2.0 

ENVIRONMENT 

2.1 GROWING DEPENDENCY, GROWING RISK 

The objective of warfare waged against agriculturally-based societies was to gain control over 
their principal source of wealth: land. Military campaigns were organized to destroy the 
capacity of an enemy to defend an area of land. 

The objective of warfare waged against industrially-based societies was to gain control over their 
principal source of all wealth: the means of production. Military campaigns were organized to 
destroy the capacity of the enemy to retain control over sources of raw materials, labor and 
production capacity. 

The objective of warfare to be waged against information-based societies is to gain control over 
the principal means for the sustenance of all wealth: the capacity for coordination of socio- 
economic inter-dependencies. Military campaigns will be organized to cripple the capacity of an 
information-based society to carry out its information-dependent enterprises. 

In the U.S. society, over 60 percent of the workforce is engaged in information-related 
management activities. The value of most wealth-producing resources depends on "knowledge 
capital" and not on financial assets or masses of labor. Similarly, the doctrine of the U.S. 
military is now principally based on the superior use of information. 

"The joint campaign should fully exploit the information differential, that is, the 
superior access to and ability to effectively employ information on the strategic, 
operational and tactical situation which advanced U.S. technologies provide our 
forces." [Joint Pub. 1, p. IV-9] 

The military doctrines shaping U.S. force structure and operational planning assume this 
information superiority. "Joint Vision 2010 focuses the strengths of each individual Service on 
operational concepts that achieve Full Spectrum Dominance." This technological view is shared 
in the Army's "Enterprise Strategy" and "Force XXI Concept of Operations," the Navy's 
"Forward...From the Sea," the Air Force's "Global Presence," and the Marine's "Operational 
Maneuver from the Sea." 

The capstone Joint Vision 2010 provides the conceptual template for how America's Armed 
Forces will channel the vitality and innovation of our people and leverage technological 
opportunities to achieve new levels of effectiveness in joint warfighting. It addresses the 
expected continuities and changes in the strategic environment, including technology trends and 
their implications for our Armed Forces. It recognizes the crucial importance of our current high- 
quality, highly trained forces and provides the basis for their further enhancement by prescribing 
how we will fight in the early 21st century. This vision of future warfighting embodies the 
improved intelligence and command and control available in the information age and goes on to 
develop four operational concepts: dominant maneuver, precision engagement, full dimensional 
protection, and focused logistics. 
It is not prudent to expect the U.S. dependence on information-dominated activities for wealth 
producing and for national security to go unchallenged. In his book, Strategy: the logic of war 
and peace [1987, Belknap Press, pages 27-28], Edward Luttwak notes: 

The notion of an 'action-reaction' sequence in the development of new war 
equipment and newer countermeasures, which induce in turn the development of 
counter-countermeasures and still newer equipment, is deceptively familiar. That 
the technical devices of war will be opposed whenever possible by other devices 
designed specifically against them is obvious enough. Slightly less obvious is the 
relationship (inevitably paradoxical) between the very success of new devices and 
their eventual failure; any sensible enemy will focus his most urgent efforts on 
countermeasures meant to neutralize whatever opposing device seems most 
dangerous at the time. 

The reality is that the vulnerability of the Department of Defense - and of the nation - to 
offensive information warfare attack is largely a self-created problem. Program by program, 
economic sector by economic sector, we have based critical functions on inadequately protected 
telecomputing services. In aggregate, we have created a target-rich environment and the U.S. 
[...] the generic technology that can be used to strike these targets. 

Despite the enormous cumulative risk to the nation's defense posture, there still is inadequate 
understanding of the threat or acceptance of responsibility for the [...] of attacks on individual 
systems that have the potential to cascade throughout the larger enterprise. 

A case examined in some detail by the Task Force was the dependence of the Global 
Transportation Network (GTN) on unclassified data sources and the GTN interface to the Global 
Command and Control System (GCCS). GCCS will continue to increase in importance as it 
becomes the system of systems through which CINCs, JTFs, and other commanders gain access 
to many and different information sources. Although GCCS has undergone security 
testing, much remains to be accomplished. For example, [...] 
principally upon Oracle databases and applications evaluation. Other GCCS aspects need 
thorough security testing; e.g., database applications (Sybase), message functions, and 
configuration management. GTN and GCCS are not unique circumstances. The Global Combat 
Support System and a long series of Advanced Concepts Technology Demonstrations currently 
shaping the future of C4ISR follow a remarkably similar pattern: well-intentioned program 
managers working very hard to deliver an improved mission [...]. 
The operators they are supporting do not emphasize security and neither operators 
nor developers are held responsible for the contribution their individual program makes to the 
collective risk of cascading failure in the event of information warfare attack. 

To reduce the danger, all defense investments must be examined from a network- and 
infrastructure-oriented perspective, recognizing the collective risk that can grow from [...] 
decisions on systems that may be connected to a shared infrastructure. Only those programs that can 
operate without connecting to the global network or those that can operate with an accepted level 
of risk in a networked information warfare environment should be built. Otherwise, we are 
paying for the means that an enemy can use to attack and defeat us. 

The shift from the industrial age to the information age and the implications are illustrated in 
Exhibit 2-1. 




[Figure: two panels labelled Industrial Age and Information Age] 

Exhibit 2-1. A Fragile Foundation 

The United States formerly enjoyed a broad-based manufacturing foundation to support other 
infrastructures and conventional and nuclear forces. With the increasing dependence on 
information and information technology, that broad-based foundation has been reduced to a 
rather narrow base of constantly changing and increasingly vulnerable information and 
information technology. Service and joint doctrine clearly indicate an increasing dependence of 
future forces on information and information technology. However, the doctrine of information 
superiority assumes the availability of the information and information technology — a dangerous 
assumption. The published Service and joint doctrine does not address the operational 
implications of a failure of information and information technology. 

By analogy, consider the protection implications of adding an aircraft carrier to our force 
structure. The carrier does not deploy in isolation. It is accompanied by all manner of ships, 
aircraft, and technology to ensure the protection of the entire battle group: destroyers for picket 
duty, cruisers for firepower, submarines for subsurface protection, aircraft and radar for early 
warning, and so on. The United States must begin to consider the implications of protecting its 
information-age doctrine, tactics, and weapon systems. It cannot simply postulate doctrine and 
tactics which rely so extensively on information and information technology without comparable 
attention to information and information systems protection and assurance. This attention, 
backed up with sufficient resources, is the only way the Department can ensure adequate 
protection of our forces in the face of the inevitable information war. 
2.2 INFORMATION WARFARE 

Although the Task Force specifically examined IW-D, it also considered a few of the concepts 
[...] operate. 

[...] weapons against an information system [...] to exploit many [...] the Internet [...]. 
[...] attack [...] non-linear outputs from modest inputs [...] only be a minor cost component of a 
[...] physical items stored in the warehouse. 

As an example of why information warfare [...] migrated to distributed computing [...] 
defense [...] still depend on the use of fixed passwords, a carry-over from the days of the 
stand-alone [...]. [...] we know that network analyzers have been and [...] used to steal 
computer addresses, user identities, and user passwords [...] unclassified military networks, 
[...] masquerade as legitimate users and [take] control of the computer and erase all traces of 
their entry. 

It is important to stress that [...] hacking into a few computers [...] to its knees. The Task 
Force agrees that [...] a few individuals [...]. It is easy for skilled individuals (or less [...] 
automated tools) to break [...] files, install malicious [...] and for the duration of the 
attacker's choosing. 

This is not to make light of the power of the [...] press. Many of these methods [...] 
terrorist attacks. The Task Force [...] that malicious software can be emplaced over time with a 
common time of activation and that the effect could be of the scale of a major concurrent attack. 
While such an attack cannot be ruled out, the probability of such is assessed to be low. 
Currently, however, there is no organized effort to monitor for unauthorized changes in 
operational software even though for the past 3 years unknown intruders have been routinely 
penetrating DoD's unclassified computers. 

The above assessments do not mean that the threat of offensive information warfare is low or that 
it can be ignored. The U.S. susceptibility to hostile offensive information warfare is real and will 
continue to increase until many current practices are abandoned. 

Practices that invite attack include poorly designed software applications; the use of overly 
complex and inherently unsecure computer operating systems; the lack of training and tools for 
monitoring and managing the telecomputing environment; the promiscuous inter-networking of 
computers creating the potential for proliferating failure modes; the inadequate training of 
information workers; and the lack of robust processes for the identification of system 
components, including users. By far the most significant is the practice of basing important 
military, economic and social functions on poorly designed and configured information systems, 
and staffing these systems with skill-deficient personnel. These personnel often pay little 
attention to or have no understanding of the operational consequences of information system 
failure, loss of data integrity, or loss of data confidentiality. 

Information warfare defense is not cheap, nor can it be easily obtained. It will take resources to 
develop the tools, processes, and procedures needed to ensure the availability of information and 
integrity of information, and to protect the confidentiality of information where needed. 
Additional resources will be needed to develop design guidelines for system and software 
engineers to ensure information systems that can operate in an information warfare environment. 
More resources will be needed to develop robust means to detect when insiders or intruders with 
malicious intent have tampered with our systems and to have a capability to undertake corrective 
actions and restore the systems. 

Note that the appropriate investment in an information warfare defense capability has no 
correlation with the investment that may have been made to obtain an offensive information 
warfare capability. Information warfare defense encompasses the planning and execution of 
activities to blunt the effects of an offensive information warfare attack. However, the value of 
an investment in information warfare defense is not a function of the cost of the information or 
information system to be protected. Rather, the value of the defense is a function of the value to 
the defender of an information-based activity or process that may be subject to an information 
warfare attack. 

If the defender leaves unprotected vital social, economic, and defense functions that depend upon 
information services, then the defender invites potential adversaries to make an investment in an 
offensive information warfare capability to attack these functions. To provide a robust deterrent 
against such an attack, an information-dependent defender should invest wisely in a capability to 
protect and restore vital functions and processes and demonstrate that the information services 
used are robust and resilient to attack. 
[...] that the rate of technology change is such that most systems designers and 
system engineers [...]. But the lack of such steps can cost. The organized 
crime [...] at one of the major U.S. banks spent 18 months of [...] 
downloading application software and the e-mail of the software [...] 
before it started to transfer funds electronically. 

It will cost even more, as well as raise [...] 
of attacks mounted through the information infrastructure. 
Perhaps the biggest obstacle [...] 
operation of information services beyond their control. 
2.3 THE INFRASTRUCTURE 

What is the National Information Infrastructure? [...] 
ever-expanding range of equipment: [...] satellites, optical fiber [...]. 
The NII is not a cliff that suddenly confronts [...]; [...] 
climbing since postal services and [...]. [The] infrastructure has existed for a long [...] 
new advance in communications technology. What is [...] a future when all 
the independent infrastructures are combined. [...] infrastructure will 
integrate and interconnect these physical components [...] manner so that [...] 
building [...] in large part on the quality of its other elements: 

• [...] elsewhere 

• The network standards and transmission codes that facilitate interconnection and 
interoperation between networks, and ensure the privacy of persons and the security of 
the information carried, as well as the security and reliability of the networks. 

• The people — largely in the private sector — who create the information, develop 
applications and services, construct the facilities, and train others to tap its potential. 
Many of these people will be vendors, operators, and service providers working for 
private industry. Every component of the information infrastructure must be developed 
and integrated if America is to capture the promise of the Information Age. 

We call out domains within this infrastructure by names that reflect the interest of the user: the 
Defense Information Infrastructure of the defense community; the National Information 
Infrastructure of the United States; the complex, interconnected Global Information Infrastructure 
of the future described so well to the Task Force by the representatives of the Central Intelligence 
Agency. The reality is that almost all are interconnected. 

DoD has over 2.1 million computers, over 10,000 LANs, and over 100 long-distance networks. 
DoD depends upon computers to coordinate and implement aspects of every element of its 
mission, from designing weapon systems to tracking logistics. In field testing, DISA has 
determined that at least 65 percent of DoD unclassified systems are vulnerable to attack. 
Consider how this state came about. 

The early generations of computer systems presented relatively simple security challenges. They 
were expensive; they were isolated in environmentally controlled facilities; and few understood 
how to use them. Protecting these systems was largely a matter of physical security, controlling 
access to the computer room, and of clearing the small number of specialists who needed such 
access. 

As the size and price of computers were reduced, microprocessors began to appear in every 
workplace, on the battlefield and embedded in weapons systems. Software for these computers 
is written by individuals and firms scattered across the globe. Connectivity was extended, first to 
remote terminals, eventually to local- and wide-area communications networks, and now to 
global coverage. What was once a collection of separate systems is now best understood as a 
dynamic, ever-changing, collection of subscribers using a large, multifaceted information 
infrastructure operating as a virtual utility. 

These legacy computer systems were not designed to withstand second-, third-, or "n"-order-level 
effects of an offensive information warfare attack. Nor is there evidence that the computer 
systems presently under development will provide such protection. The cost for "totally 
hardened" systems is prohibitive. Security criteria at present presume that computing can be 
protected at its perimeter, primarily through the encryption of telecommunications links. 
However, internal security may be more important than perimeter defense. 

It is not necessary to break the cryptographic protection used to protect telecommunications and 
data to attack classified computing environments. The legacy protection paradigm used by DoD 
was based upon the classification of information. However, most classified computer systems 
[...] a co-worker who shares authorized access to a telecomputing environment is behaving 
appropriately. 

In sum, we have built our economy and our military on a technology foundation that we do not 
control and which, at least at the fine detail level, we do not understand. 

A few words about the environment are important to set the stage for later discussions. DoD's 
information infrastructure is a part of a larger national and global information infrastructure. 
These interconnected and interdependent systems and networks are the foundation for critical 
economic, diplomatic, and military functions upon which our national and economic security are 
dependent. Exhibit 2-2 shows a few examples of those functions, the importance of information 
and the information infrastructure to each, and the criticality of functions such as coalition 
building in responding to a regional crisis. 

• DoD's information infrastructure is part of an interconnected set of military, commercial, 
national and international interdependent networks and systems 

• Critical functions are heavily dependent on the infrastructures and information 
  - Economic 
    • Manufacturing and distribution 
    • Free trade 
  - Diplomatic 
    • Coalition building 
    • Crisis stabilization 
  - Military 
    • Deployment 
    • Coalition warfare 
    • Sustainment 

Exhibit 2-2. Infrastructures and Dependencies 

The United States is an information and information systems dominated society. Because of its 
ever-increasing dependence on information and information technology, the United States is one 
of the most vulnerable nations to information warfare attacks. The United States and its 
infrastructures are vulnerable to a variety of threats ranging from rogue hackers for hire to 
coordinated trans-national and state-sponsored efforts to gain some economic, diplomatic or 
military advantage. Exhibit 2-3 depicts some of the vulnerabilities. 
• But these interconnected networks and systems are vulnerable 
  - U.S. is one of the most vulnerable nations 
  - Information technology change is faster than that of security solutions 

• And it's getting worse 
  - Globalization 
  - Standardization 
  - Regulation/deregulation 
  - Open network architecture 
  - Collocation 
  - Interconnection 

Exhibit 2-3. Vulnerabilities 

In one of the briefings presented to the Task Force, [...] supporting a key port 
city in the United States. If [...] each of three infrastructures ([...]) were [...] or destroyed, 
or in the case [...] would impair the [...] list. 

And it is getting worse. Globalization of business operations [...] 
and information system interdependence. [...] 
economies tends to standardize the [...]. Regulation and [...] the Federal Communications 
Commission [...] 
Exhibit 2-4 illustrates the variety of network and computer system vulnerabilities which can be 
exploited, starting with simply making too much information available to too many people. The 
number of holes is mind-boggling — an indication of the complexity and depth of the defensive 
information warfare task! 



• Human factors 
  - Information freely available 
  - Poor password choices 
  - Poor system configuration 
  - Vulnerability to "social engineering" 

• Denial of service 
  - Network flooding 
  - "Spamming" 
  - Morris worm 

• Data driven 
  - Directing E-mail to a program 
  - Embedded programming languages 
    • Microsoft Word macro 
    • PostScript printer 
  - Remotely accessed software 
    • JAVA, Active-X 

• Software-based 
  - Viruses 
  - Flaws 
  - Excess privileges 
  - Unused security features 
  - Trap doors 
  - Poor system configuration 

• Protocol-based 
  - Weak authentication 
  - Easily guessed sequence numbers 
  - Unused header fields 

• Authentication-based 
  - Password sniffing/cracking 
  - Social engineering 
  - Via corrupted/trusted system 

• [heading not legible in the scan] 
  - Inadequate key size/characteristics 
  - Mathematical algorithm flaws 

• Key Management 
  - Deducing key 
  - Substituting key 
  - Intercepting key 
  - Setting key 

• Bypassing 
  - Capture data before encryption 
  - Turn off encryption 
  - Replay 

• Denial of service 

Exhibit 2-4. Vulnerabilities/Exploitation Techniques 



Take, for example, "Remotely accessed software," which is found in the left column under "Data 
Driven." Distributed software objects, such as JAVA and Active-X, are the wave of the future. 
Rather than having software reside permanently in workstations or desktop computers, the 
Internet will make applications and data available as needed. The applications and data are 
deleted from the workstations or desktop computers after use. The danger of this just-in-time 
support is that the user has no idea as to what might be hidden in the code. Another aspect of 
distributed computing is that the definition of system boundaries becomes very blurred. This 
suggests considerable future difficulty in defining what can and cannot be monitored for self- 
protection, an implication discussed in Section 6.11, Resolve the Legal Issues, with legal 
recommendations. 

The implication is that a risk management process is needed to deal with the inability to close all 
of the holes. Since this subject has been treated extensively by other study efforts (e.g., the Joint 
Security Commission), the Task Force elected not to examine risk management. 

2.4 THREAT 

There is ample evidence from the Defense Information Systems Agency and the General 
Accounting Office of the presence of intruders in DoD unclassified systems and networks. 
Briefings and reports to the Task Force have reinforced the DISA experience. Exhibit 2-5 shows 
some of the threats involved. 
• Unknown intruders are in DoD networks and computers 
  - Services and DISA experience 
  - GAO report 

• U.S. networks and computers are of significant interest 
  - CIA, DIA, and NSA briefings 

• FBI survey - "There is a serious problem" 

• Threat to the public switched network is significant 
  - NCS and NSTAC 

• Growing interest in sharing sensitive information 
  - Government and industry Network Security Information Exchanges 
  - DoJ Industry Information Center 

• We can't let our confidence in technological superiority blind us to a growing threat 

Exhibit 2-5. The Threat is Real 

The "1996 CSI/FBI Computer Crime and Security Survey," released to the public earlier this 
year, concluded that [...] brute-force password attacks, and denial of service. The [...] 
threat. 

Exhibit 2-6. Threat Assessment 

The incompetent threat is an amateur that by some means (perhaps by following a hacker recipe 
or by accident) manages to perform some action that exploits or exacerbates a vulnerability. This 
category could include a poorly trained systems administrator who assigns privilege groups 
incorrectly, which would then allow a more nefarious threat to claim more privileges on a system 
than would be warranted. 

The hacker threat implies a person with more technical knowledge who to some degree 
understands the processes used and has the intent to violate the security or defenses of a target to 
one degree or another. The hacker threat is broad in motivation, ranging from those who are 
mostly just curious to those who commit acts of vandalism. 

The disgruntled employee threat is the ultimate insider threat: the individual who is inside the 
organization and trusted. This threat is the most difficult to detect because insiders have 
legitimate access. 

When examining the potential for information warfare activities, the potential for a criminal or 
non-governmental attack for economic purposes must be considered. Information is the basis for 
the global economy. Money is information; only approximately 10 percent of the time does it 
exist in physical form. As information systems are increasingly used for financial transactions at 
all levels, it is natural to expect all levels of criminals to target information systems in order to 
achieve some gain. 

The increasing interconnectivity of information systems makes them a tempting target for 
political dissidents. Activities of interest to this group include spreading the basic message of 
their cause by a variety of means as well as inciting others to actions. An example is the political 
dissident in this country who sent out e-mails urging folks to send e-mail bombs to the White 
House server. 

By attacking those targets in a highly visible way, the terrorist hopes to cause the media to 
provide a great deal of publicity of the action, thereby further disseminating the message of fear 
and uncertainty. 

A significant threat that cannot be discounted includes activities engaged on behalf of competitor 
states. The purpose behind such attacks could be an attempt to influence U.S. policy by isolated 
attacks; foreign espionage agents seeking to exploit information for economic, political, or 
military intelligence purposes; the application of tactical countermeasures intended to disrupt a 
specific U.S. military weapon or command system; or an attempt to render a major catastrophic 
blow to the United States by crippling the National Information Infrastructure. 

It is necessary to distinguish between what a layman might consider a "major disruption," such as 
the three New York airports simultaneously being inoperable for hours; and a "strategic" impact 
in which both the scope and duration are of dramatically broader disruptions. The latter is likely 
to occur at a time in which other contemporaneous events make the impact potentially 
"strategic," such as during a major force deployment. 
[...] government-sponsored theft and transfer to offshore competitors of intellectual property from 
U.S. manufacturing firms. 

The media also reports instances of disgruntled employees, contract employees, and ex- 
employees of firms using their access and knowledge to destroy data, to steal information, to 
conduct industrial espionage, invade privacy-related records for self-interest and for profit, and to 
conduct fraud. (An MCI employee electronically stole 60,000 credit card numbers from an MCI 
telephone switch and sold them to an international crime ring. MCI estimated the loss at $50 
million.) Malicious activity by "insiders" is one of the most difficult challenges to information 
assurance. 

DISA reported that it responded to 255 computer security incidents in 1994 and to 559 incidents 
in 1995. Of these, 210 were intrusions into computers, 310 were virus incidents, and 39 fell into 
another category. This is probably just the tip of a very large iceberg. Last year, DISA personnel 
used "hacker-type" tools to attack 26,170 unclassified DoD computers. They found that 3.6 
percent of the unclassified computers tested were "easily" exploited using a "front door" attack 
because the most basic protection was missing and that 86 percent of the unclassified computers 
tested could be penetrated by exploiting the trusted relationships between machines on shared 
networks. Worse, 98 percent of the penetrations were not detected by the administrators or users 
of these computers. In the 2 percent of the cases where the intrusion was detected, it was only 
reported 5 percent of the time. This works out to less than one in a thousand intrusions being 
both detected and reported. These detection and reporting statistics suggest that up to 200,000 
intrusions might have been made into DoD's unclassified computers during calendar year 1995. 

Whatever the number, unknown intruders have been routinely breaking into unclassified DoD 
computers, using passwords and user identities stolen from the Internet, since late 1993. Once 
the intruders enter the computers masquerading as the legitimate users, they install "back doors" 
so that they can always get back into the computer. These intruders have gained access to 
computers used for research and development in a variety of fields: inventory and property 
accounting, payroll and business support, supply, maintenance, e-mail files, procurement, health 
systems, and even the master clock for one-fourth of the world. They have modified, stolen, and 
destroyed data and software and have shut down computers and networks. 

Such intrusions are not limited to DoD. Information age "electronic terrorists" have penetrated 
commercial computers and data-flooded or "pinged" network connections to deny service and 
destroy data to further their cause: an environmental group sponsored such attacks to call 
attention to their message and to punish a business with which they disagreed. 

In the early 1980s an intruder required a high level of technical knowledge to successfully 
penetrate computers. By the early 1990s automated tools for disabling audits, stealing 
passwords, breaking into computers, and spoofing packets on networks were common. These 
tools are easy to use and do not require much technical expertise. Most have a friendly graphical 
user interface (GUI); automated attacks can be initiated with a simple click on a computer 
mouse. 
Such tools include: 

A CD-ROM entitled The Hacker Chronicles, Vol II, produced by P-80 Systems and available at 
hacker shows for $49.95, contains hundreds of megabytes of "hacker" and information security 
information including automated tools for breaking into computers. The package carries this 
warning notice: 

The criminal acts described on this disk are not condoned by the publisher and 
should not be attempted. The information itself is legal, while the usage of such 
information may be illegal. The Hacker Chronicles is for information and 
educational purposes only. All information in this compilation was legally 
available to the public [readily available on the Internet] prior to this 
publication. 

Attacks are not just based on the use of smart tools. Simple social engineering (impersonation 
or misrepresentation to obtain information) remains very productive. The ruses are many: an 
offer of a free software upgrade that has been doctored to circumvent security, or a request for 
or an offer of support over the telephone from a customer-oriented firm. 

Additional details on the Task Force assessment of the threat are provided in Appendix A, Threat 
Assessment. 

The nature of the danger is evident in an assessment of the current risk, which is based on the 
assessment of a threat; the vulnerabilities of our networks and computing systems; the measures 
available to counter an attack; and the impact resulting from the loss of critical information, 
information systems, or information networks. This is depicted in Exhibit 2-7. 
Exhibit 2-7. The Risk — A Clear and Present Danger 

The Task Force believes that the overall risk is significant because of the following factors: 

• The current threat is significant 

• The vulnerabilities are numerous 

• IJ;m™^theDepa«n.»n..ofi.ffillte™»ons. 
SECTION 3 



OBSERVATIONS 



The Task Force agrees with the observation of the Deputy Secretary shown in Exhibit 3-1 below. 
This section discusses several areas in the Department and in the larger national security 
environment where we can make rapid progress on responding to this challenge. 


"This is not a problem we will solve. It is one we can get 
a handle on." - DEPSECDEF White 

• While information warfare is a national security issue that 
goes beyond DoD, it is warfare and DoD must play a major 
role. 

• Information warfare is different 

- IW attack objective is generally a critical function; targets include 

• Information 

• Computers 

• Systems 

• Networks 

• Facilities 

• People 

- It's adaptive 



Exhibit 3-1. Initial Observations 

The threat posed by information warfare is not limited to the realm of national defense and the 
... agencies, regulatory bodies, law enforcement, the Intelligence Community, 
and the private sector. 

Unlike an attacker in conventional war, an attacker using the tools of information warfare can 
strike at critical civilian ... banking or transportation and other centers of gravity or even at 
the stability of the social structure without first engaging the military. Such a strategic 
information warfare attack can succeed without ... In addition, attacks on the civil 
infrastructure could impel the actions of the military as much as a direct attack on the military's 
force generation processes or command and control. 

However, we should not forget that information warfare is a form of warfare, not a crime or act 
of terror. The Secretary of Defense individually and the Department of Defense collectively 
have two basic responsibilities: to provide for the "common defense" of the United States and 
to be "ready to fight ... with effective representation abroad" [A National Security Strategy of 
Engagement and Enlargement, The White House, February 1996]. By first focusing on 
improving its ability to manage the information warfare challenge to the defense mission, the 
... national defense responsibilities while also ... national centers of gravity. The potential 
... forms of warfare. 

Exhibit 3-2 suggests some additional ways in which ... conventional warfare. ... 
Attackers can hide in the mesh of interconnected ... spatial, and political boundaries in 
... to launch their attacks. It is also relatively cheap to wage, as cyberspace offers further 
... return on investment for resource-poor ... Lack of clear designated ... the information 
age is measured more in the ... 

Exhibit 3-2. Information Warfare is Different 
Exhibit 3-3 shows that information warfare has been particularly troublesome for the Intelligence 
Community because IW is a non-traditional intelligence problem. It is not easily discernible by 
traditional intelligence methods. Formerly, capabilities were derived from unique observables 
and indicators of military capability open to our sensors, amenable to cataloging in databases, 
and understandable by classic analytic techniques. With information warfare, however, the 
following elements come into play: 



• Relevant questions 

- What do we need to know? What should we look for? Where do we look? 

• Traditional methods are not effective 

- Observables, indicators, experience, databases, analysis techniques, ... 

- Suggesting intent will be extremely difficult 

• Key commercial technologies have lethal possibilities 

• Technology is ubiquitous and relatively simple 

• "Business" processes are complex 

• HUMINT is still extremely important 

• Required skill set much broader and deeper in educational level 

- Computer scientists, network engineers, electronics engineers, business 
process engineers 

- More MSs and PhDs 



Exhibit 3-3. Intelligence Community Observations 

The physical attributes of conventional and nuclear forces can be observed and 
quantified. The alert posture and movement of forces provided indications of potential 
threat. Our understanding of such patterns gained from long experience in observing 
known adversaries, the orders of battle stored in our databases, and the related analytic 
skills were well suited for understanding historic threats and from such insights we 
derived "intent." These skills are largely irrelevant in the information warfare 
environment. 

Now key technologies designed for completely innocent applications can be used as 
weapons. For example, software used to test systems can also be used to penetrate 
systems. 

The technology required for information warfare is available everywhere. 
However, the "business" or "war" processes that must be penetrated to determine 
capabilities and intent are relatively complex, which means that human intelligence and 
counter-intelligence will continue to play a vital role. It is not easy to identify sources of 
attacks, intent, etc. in the information age. 

Finally, the technical skills required by our intelligence collectors and analysts in order to 
deal with these new challenges are much broader and deeper and more sophisticated than 
those required in the past. The intelligence community will require more personnel with 
advanced scientific degrees and a deep technical understanding of process, computer, and 
network design and of leading-edge technologies to meet the challenge adequately. 
Appendix C, A Taxonomy for Information Warfare? 
... is discussed in Section 6, Recommendations. 



• We lack a common vocabulary 

- Task Force could not find or derive a useful IW taxonomy 

• Scale, time factors, sequence of attacks, ... 

- Task Force proposes a standard vocabulary ... for 
assessment and reporting and for threat warning 

• Resources are focused on classified content and systems 

• It is easy to make the IW-D problem too hard 

- Defined too broadly (GII/NII versus DII) or narrowly ... 

- Focus on solving political or social problems before addressing IW-D 

• Acquisition policy and practices pose dilemmas 

- Current practices trade off security 

• Functionality, performance, number of systems 

- Policy is clear 

• DoDD 5000.1 and DoDD 5000.2-R emphasize IW 



Exhibit 3-4. Additional Observations 

The reality of limited resources has fostered ... functionality, performance, and ... at the 
expense of security. On a positive note, recent policy updates clearly cite the need for attention 
to the information warfare aspects of systems. DoDD 5000.1 indicates that acquisition programs 
should ... practices will be implemented and how the system will be able to respond to ... 
disappointed to ... 

Bottom line: policy exists, it is not yet uniformly implemented or enforced, and it requires 
resources in implementation. 

Exhibit 3-5 suggests that infrastructure resilience has been demonstrated repeatedly during 
... was amply demonstrated in the 1991 regional long-distance ... (due to a simple 
programming error), the recent West Coast power ... aided the propagation of the worm. 

• Cascading effects have occurred, are difficult to predict 

- Infrastructure robustness untested 

- Infrastructure recovery uncertain 

• Area and perimeter defenses are not sufficient! 

- Resiliency and repairability are critical to information survivability 

- Information domains are essential 

- Scale of IW-D for a distributed computing environment not well 
understood 

• Easy technical solutions are not apparent 

Exhibit 3-5. Additional Observations 

... cascading effects and ... effectively employ area and perimeter ... scale ... 
information warfare (defense) capability. 

The Task Force does not view ... capability. Unfortunately, ... is shorthand for protecting 
the confidentiality of information. ... confidentiality are not adequate to achieving 
information assurance in an information warfare environment. Although important, the steps 
needed to ensure confidentiality ... Encryption may be an example of ... too hard, as shown 
in Exhibit 3-6. ... national information services ... 

• Encryption is useful ... 

- But 

• It's not a panacea against denial of service attacks 

- User authentication 

- Data integrity 
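The exhibit's point, that encryption delivers confidentiality but by itself neither data integrity nor user (origin) authentication, shown as an added worked example that is not part of the report. The keystream cipher here (SHA-256 in counter mode) is a toy constructed for illustration, not a production cipher; the sample payload and keys are constructed as well.

```python
"""Why confidentiality alone is not information assurance (added example).

A keystream cipher hides message content, but a recipient relying on
encryption alone cannot tell that ciphertext bits were changed in transit:
each flipped ciphertext bit silently becomes a flipped plaintext bit.  Adding
an HMAC tag over nonce and ciphertext (encrypt-then-MAC) supplies the data
integrity and origin authentication that encryption does not.
"""
import hashlib
import hmac
import secrets

SAMPLE_MESSAGE = b"PAY 0100 USD TO ACCOUNT 42"  # constructed sample payload
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_only(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: XOR plaintext with the keystream."""
    stream = _keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt_only(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """XOR with the same keystream inverts encrypt_only; nothing is checked."""
    return encrypt_only(key, nonce, ciphertext)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    ct = encrypt_only(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag first; release plaintext only if the message is intact."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: altered or not from the key holder")
    return decrypt_only(enc_key, nonce, ct)


def flip_bit(data: bytes, index: int, mask: int = 0x08) -> bytes:
    """Simulate one corrupted bit in transit (line noise or deliberate change)."""
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]


def demonstrate() -> dict:
    """Run the three cases and return their outcomes for inspection."""
    enc_key, mac_key, nonce = secrets.token_bytes(32), secrets.token_bytes(32), secrets.token_bytes(16)
    msg = SAMPLE_MESSAGE

    # Case 1: encryption only. The flipped bit lands in plaintext byte 4 and
    # nothing in the decryption path can notice it.
    ct = encrypt_only(enc_key, nonce, msg)
    altered = decrypt_only(enc_key, nonce, flip_bit(ct, 4))

    # Case 2: encrypt-then-MAC. The same flip is rejected before decryption.
    sealed = seal(enc_key, mac_key, nonce, msg)
    try:
        open_sealed(enc_key, mac_key, flip_bit(sealed, NONCE_LEN + 4))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    # Case 3: origin authentication. A message sealed under some other MAC key
    # (a sender who does not hold ours) is rejected the same way.
    forged = seal(enc_key, secrets.token_bytes(32), nonce, msg)
    try:
        open_sealed(enc_key, mac_key, forged)
        forgery_detected = False
    except ValueError:
        forgery_detected = True

    return {
        "plain_roundtrip_ok": decrypt_only(enc_key, nonce, ct) == msg,
        "altered_plaintext": altered,
        "authenticated_roundtrip_ok": open_sealed(enc_key, mac_key, sealed) == msg,
        "tamper_detected": tamper_detected,
        "forgery_detected": forgery_detected,
    }


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(f"{name}: {value!r}")
```

Nothing here addresses the exhibit's third point: a MAC lets a receiver discard forged or corrupted traffic, but it does not stop an adversary from flooding the link with such traffic in the first place.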
sector to achieve desired assurance goals, and some incentives (such as revisions to the tax 
structure). 



• DoD role in national information security questioned 

• Market forces alone will not solve the problem 

- Need legislation, regulation, indemnification, incentives, altruism 

• The "seams" (and information sharing) are critical 

- Offense - Defense 

- Government - Industry 

• Solutions will have to address national and regional 
challenges, not just local 

- Federal Response Plan model 

• Local processes, procedures and mechanisms must: 

- Be distributed across geography, organizations, and logical and 
political boundaries, yet be tailored to the needs of affinity groups 

- Not be under or depend on centralized control 



Exhibit 3-7. Additional Observations 

The seams are critical. Currently, information necessary for an effective information warfare 
(defense) capability is not shared effectively across the seams. Information warfare (offense) is 
highly compartmented in spite of the fact that it shares common technology and operating 
environment with the information warfare (defense) community. In some cases, the military, law 
enforcement and intelligence communities are restricted by law, executive order or regulation 
from sharing certain information. Historically, these communities are notoriously bad at sharing 
information. There are very few mechanisms for government and industry to share sensitive 
information such as vulnerabilities and intrusions. This lack derives primarily from the 
competitive sensitivity of information that is required for an effective information warfare 
(defense) capability. 

In addition, at the national level, there are competing equities at stake in nearly every information 
warfare issue. Not only do these interests compete among each other, there are competitive 
for each of the four equities. 

SECTION 4 



WHAT SHOULD WE DEFEND? 



Determination of what to defend should follow from our nation's vital interests as documented in 
the current national security strategy. On the basis of these interests, the Task Force postulated 
the goals shown in Exhibit 4-1. Given the available time, it was not possible for the Task Force 
to address each of these goals in detail. However, the Task Force did develop a set of national-
level defensive information warfare interests based on these goals. 



• Vital interests (A National Security Strategy of Engagement and Enlargement, 
The White House, February 1996) 

- Enhance our security with military forces that are ready to fight and with effective 
representation abroad 

- Bolster America's economic revitalization 

- Promote democracy abroad 

• Goals ... 

- Stable monetary, financial and banking systems which enjoy public confidence 

- Free trade 

- Continuity of government and constitutional authority 

- Personal privacy 

- Ability to deploy, employ and support military forces 

- Protected intellectual property 

- Venue for resolution of policy issues among government, individuals and the 
private sector 

- Availability of emergency services for any emergency, natural or man-made 

- National standards for "reasonable" protection regimes for public and private 

- Stimulate research, development and application of technologies for IW-D 



Exhibit 4-1. National Goals For Information Warfare (Defense) 



Exhibit 4-2 indicates the national interests that must be defended. The emphasis is on defending 
critical functions and processes, not on defending forces, platforms, or geography. As was the 
case in developing an ensured means of control for the strategic nuclear deterrent, some critical 
information infrastructure capabilities must be isolated from the interconnected national and 
global information infrastructure to ensure they are available to support and manage the 
restoration of critical functions. 
SECTION 5 



HOW SHOULD WE DEFEND? 



5.1 PROCEDURES, PROCESSES AND MECHANISMS 

Exhibit 5-1 depicts the essential procedures, processes, and mechanisms for IW-D. They are 
based on the defensive information warfare implementation model developed by the Information 
Assurance Division of the Joint Staff J6. An essential step in preparing an information warfare 
defense is the identification of critical national information functions and the information, 
information services, and infrastructures upon which these functions depend. 
Exhibit 5-1. Procedures, Processes, and Mechanisms 

The first order of business is to deter information warfare attacks. This deterrence must include a 
national will as expressed in law and conduct, a declaratory policy on consequences of an 
information warfare attack against the United States, and an indication of the resiliency of the 
information infrastructure to survive an attack. 

The most immediate need is to provide some form of protection. This protection might include 
physically isolating information, providing some form of access control and authentication of 
personnel performing critical functions or accessing information, or encryption of the 
information. As time permits, the information infrastructure supporting critical functions should 
be designed for utility, resiliency, repairability, and security. An equally important function is to 
verify through independent assessments that the design is being followed, that protective 
Protect information commensurate with its intended use. In certain circumstances, 
unclassified but sensitive information (weather and terrain data) may have more tactical 
significance than classified information (e.g., outdated intelligence estimates). 

Integrate policy, technical, operational, and personnel aspects. Each of these aspects is 
treated separately for the various communications, information, and security disciplines. 
They must be integrated for both efficiency and effectiveness. 

Use Service/Agency core competencies. All ongoing relevant activities must be reviewed 
to preclude reinventing the wheel. 

Build on current programs and initiatives. Use the ongoing information security activities 
and programs and those of related security disciplines as the foundation for achieving an 
IW-D capability. 

Emphasize solutions to the traditional weak link, the person. Nearly all espionage 
convictions are based on an inside threat. IW-D activities must address this issue head 
on. 

Harmonize IW-D, OIW, INFOSEC, and intelligence support functions. These closely 
related functions are based on many common technologies and processes and must be 
mutually supporting. 

Harmonize activities to protect the NII, the GII, and the DII. Work toward a consistent 
approach and economies of scale in protecting these highly interconnected infrastructures. 

Conduct vigorous interagency coordination. The rapidly evolving and highly complex 
DII requires proactive measures to preclude duplication of effort and contradictory goals. 
SECTION 6 



RECOMMENDATIONS 



The key recommendations are those which can be implemented by the Secretary of Defense. 
Other recommendations are included which the SECDEF should make to the Director of Central 
Intelligence, and those which relate to the President's Commission on Critical Infrastructure 
Protection or the Infrastructure Protection Task Force. 

6.1 DESIGNATE AN ACCOUNTABLE IW FOCAL POINT 

This is the most important recommendation the Task Force has to offer. Multiple lead 
organizations with no clear principal staff assistant have led to confusion and slow progress to 
date. Boards and councils are important for discussing the issues, but have not and cannot 
provide the needed focus. Although many of the tools used to carry out information warfare have 
been around for a long time, the nature of information-dominated societies and activities makes it 
appropriate to view information warfare as a new warfare area. Information warfare is not the 
sole responsibility of the Chief Information Officer, the Assistant Secretary of Defense for C3I, 
the Director of Central Intelligence, the Chairman of the Joint Chiefs of Staff, the Secretaries of 
the Military Departments, or the Service Chiefs. Each of these is, however, responsible for a 
portion of this new warfare area. The Secretary of Defense, however, needs a single person and 
office to plan and coordinate this complex activity, as well as to serve as a single focal point 
charged to provide staff supervision of the complex activities and interrelationships involved. 
This includes oversight of both offensive and defensive information warfare planning, 
technology development, and resources. Given the interconnected nature of the information 
infrastructures, it is critical that the left hand knows what the right hand is doing and that these 
complex activities are coordinated. 

This single focal point should be required to report regularly on the state of the areas shown and 
provide the informed interaction to other interagency and intergovernmental IW-related activities 
as shown in Exhibit 6-1. 
• Confusion and slow progress to date 

• Boards and councils have not provided a focus 

• Information warfare is a new warfare area 

- It is not Intel, C2, CIO 

• Charge focal point to "pull it all together" 

- Staff supervision of both offensive and defensive IW 

- Promulgate integrated policy 

- Ensure development of information warfare theory, doctrine and practice 

- Assess and report regularly to the SECDEF/DEPSECDEF on 

• Policy and plans 

• Preparedness 

• Intelligence support 

• Allocation of resources to IW 

- Interface to interagency/intergovernmental activities 

Action: 

- Designate ASD(C3I) as the accountable focal point for all IW issues 

• Develop a plan and associated budget beginning in FY 97 to obtain needed IW-D 
capability 

• Report annually to the SECDEF on IW status 

• Authorize issuing of instructions 

• Long view suggests USD(Information) 

- Establish a DASD(IW) and supporting staff (ASD(C3I) lead) 

• Bring together as many functions as possible 



Exhibit 6-1. Designate an Accountable IW Focal Point 



The Task Force recommends that the Secretary of Defense designate a focal point for the 
coordination of information warfare. While the focal point could be any of the existing Under 
Secretaries or Assistant Secretaries, the Task Force recommends that the focal point be the 
Assistant Secretary of Defense for C3I. The first order of business for the focal point should be 
to develop a plan of action to obtain the needed capabilities. The focal point should also report 
the Department's IW status annually to the SECDEF. The focal point should be given authority 
to issue instructions. The long view suggests the eventual need for an Under Secretary of 
Defense for Information. While the Task Force does not make such a recommendation at this 
time, there was strong sentiment within the Task Force in support of organizing for the long 
view. The Task Force also recommends that a Deputy Assistant Secretary reporting to the 
ASD(C3I) be named and provided an adequate supporting staff to assist in providing the 
necessary staff oversight and coordination of information warfare activities. The Task Force 
hope is that as many IW-related functions as possible would be consolidated under this 
individual. 
6.2 ORGANIZE FOR IW-D 

Before discussing specific organizational recommendations, this section briefly discusses what 
the Task Force views as necessary capabilities for IW-D. Exhibit 6-2 shows the capabilities the 
Task Force determined are necessary for an effective information warfare (defense) and which 
are not adequately addressed in the Defense Department's current information warfare (defense) 
planning. 



1. Intelligence indications and warning, current 
intelligence and threat assessment 

2. Operations (911) 

3. Planning and coordination (411+) 

4. System, network and infrastructure design 

5. Independent assessments 



Exhibit 6-2. Organize for IW-D 

Section 3, Observations, addressed the need for intelligence indications and warnings, current 
intelligence, and threat assessment. A specific recommendation which addresses the needed 
improvements in intelligence support to information warfare (defense) follows. 

"Operations" as used in Exhibit 6-2 is shorthand for those time-sensitive activities necessary for 
dealing with an actual intrusion or attack. While not fully analogous, the Task Force sometimes 
refers to these capabilities as 911 or emergency response capabilities. Remember that these 
operations capabilities must be distributed throughout the Department, down through the 
Military Departments and Services and the Defense Agencies and through the CINCs to the 
operating forces. 

"Planning and coordination" is shorthand for preparedness activities. The Task Force has taken 
to referring to these capabilities as enhanced 411 or 411+ capabilities. Once again, the analogy is 
not completely accurate since it does not convey what will certainly be a broader interactive 
capability, but it does help to make quick associations with intended capabilities. 

One of the more critical needs is a continued capability to obtain an independent assessment of 
our information warfare (defense) posture. While these assessments can be carried out at any 
level, it is felt that there should be a capability established which is accountable directly to the 
SECDEF/DEPSECDEF. In addition, the organization established to provide this capability 
should be staffed with people who are knowledgeable of all types of threats and of both the DoD 
and private sector environments. 
6.2.1 Establish a Center For Intelligence Indications and Warning, Current Intelligence, 
and Threat Assessments 

Current intelligence resources and processes are not optimized to provide an understanding of 
threats and potential adversary capabilities to conduct Information Warfare; nor are they 
presently capable of providing either Indications and Warning or Attack Assessment of 
Information Warfare. An understanding of the IW process and indications of an IW attack will 
most probably require an unusual amalgamation of otherwise seemingly unrelated sets of data. 
The lack of previously identified and validated indicators for IW creates several additional 
difficult dimensions to the problem facing the Intelligence and Defense communities' efforts to 
understand all aspects of IW. 

The United States has, over nearly four decades, identified many sets of data comprising 
indicators of activities by potential adversaries (communist-bloc). These indicators have 
provided the foundation of our intelligence assessment and indications and warning processes. 
Examples of these include known and understood development processes and cycles for military 
equipment ranging from ICBMs to submarines to bomber aircraft. Thus, if we observed earth 
spoil on overhead imagery indicating a possible new heavy ICBM silo was under construction, 
we could adjust our threat understanding accordingly. Similarly, we might observe Soviet 
Missile Range Instrumentation Ships moving toward areas of the Pacific Ocean known (from 
prior observations) to be used by Russia as an impact area for ICBM tests; and we would 
conclude that a missile test was in the offing. Or, if a Mediterranean nation began to import 
chemicals which could be used either in fertilizer or in chemical agents for war; we could be on 
the alert for other indications of chemical gas production such as special buildings, storage 
facilities or personalities known to possess technical knowledge necessary to produce chemical 
weapons. 

In a more operational vein, over time, we began to understand communist-bloc strategy, doctrine, 
and tactics as well. All of this knowledge was gained from a series of observations over several 
years. We were able to use this knowledge as we planned for combat and designed and executed 
wargames. Over four decades, with the expenditure of billions of dollars, collection, analysis, 
and reporting systems were optimized to deal with these known, discrete indications of activity. 
These "known indicators" permitted us to conduct intelligence assessments, Indications and 
Warning, and in some cases, attack assessments. 

There were several factors involved in our gathering these data sets. The first is that we (and 
others) have made enough similar observations to establish "patterns of activity." Secondly, 
these observations have either caused us, or permitted us, to identify a number of discrete 
activities that we conclude are indicative of the "entire pattern," or significant segments of the 
pattern. Thirdly, having noted one or more of the discrete indicators, we know what other 
indicators to look for to corroborate our suspicions. 

Information Warfare is a whole new game from the Intelligence dimension. We have precious 
few real data from which to derive "patterns of activity." This is made all the more difficult 
because so many of the "indicators" we have used in the past have involved some physical 
phenomena. In IW, at least in the computer and networked components of it, evidence of IW is 
fleeting at best and is usually not physically observable. The Intelligence Community is working 
hard to address some of these issues; but progress is hampered by organizations, processes, and 
systems optimized for situations found in the past, not the future. Evidence of IW preparations 
or attacks is most likely to come from a wide variety of sources and venues: from the more than 
50 Computer Emergency Response Teams (CERT) around the world, from nodes of different 
segments of our National Information Infrastructure, from academia, from the Internet, from law 
enforcement agencies, from FEMA, and of course from traditional Intelligence Community 
resources such as human, signals, and open source intelligence. The Defense Science Board 
believes that some new approaches to collection and analysis are urgently needed. 

The intelligence community understands as well as any that they face a tremendous challenge in 
developing information-age intelligence support activities. Some of the Task Force observations 
regarding these challenges were discussed earlier in the report and are shown in Exhibit 6-2-1. It 
is no easy matter to pinpoint the requirements, identify observables, establish patterns and 
indicators of the patterns, identify sources of the indicators, or determine how the sources will be 
exploited to collect the information necessary to develop the indicators. 



• Functions 

- Identify requirements, observables, patterns, indicators, sources, 
collection methods 

- Develop analysis techniques, data bases, threats 

Action: SECDEF formally request the DCI: 

- Establish an I&W/TA center at NSA with CIA and DIA support 

- Task and resource the intel community to develop the processes for 
Current Intelligence, I&W/TA for IW-D 

- Encourage the intel community to develop information-age trade craft, staff 
with the right skills, and train for the information age. 

- Conduct comprehensive case studies of U.S. offensive programs and a 
former foreign program to identify potential indicators - collection, funding, 
training, etc. 

- Establish an organization to examine and analyze probable causes of all 
security breaches 

• Goal is to identify improved and cost effective security practices 

• Must have full access to all pertinent information and people, procedures, 
facilities (all sources) 

• Findings will not be used for administrative or legal action 

- Develop and implement an integrated National Intelligence Exploitation 
Architecture to support the organization and processes 

Action: SECDEF 

- Direct development of IW Essential Elements of Information (EEI) 
(ASD(C3I) lead) 

Exhibit 6-2-1. Establish a Center for Intelligence Indications and Warning, 
Current Intelligence, and Threat Assessments 
The recommendation to establish the center at NSA recognizes their role in electronic 
intelligence and is meant to build upon recent organizational efforts at NSA. However, NSA 
must be augmented by DIA and CIA personnel because of the extensive social engineering 
component of information warfare. The Task Force believes it is essential to keep separate the 
intelligence and operations functions. The reason for the separation is that these functions are 
different. The intelligence community focuses on strategic warning and the operations 
community focuses on continuity of service and the warning and response to immediate danger. 

The Task Force believes the recommendations in Exhibit 6-2-1 are key to improving the 
intelligence support to defensive information warfare. While there has been some activity in 
these areas, the whole process needs a significant jump start. In addition, representatives from 
the intelligence community pointed to the lack of Essential Elements of Information (EEIs) from 
the operational community as a contributing factor to the intelligence challenge. This should not 
be an inhibitor to progress. 

There may, in fact, be a need to form a National Center for Indications and Warning. This center 
would gather and analyze monitoring data continuously. The data would be derived from 
commercial infrastructure systems as well as government. The center could be charged with 
searching for and detecting early signs and precursors of a wide scale, coordinated attack and 
with providing warnings to U.S. government and private sector organizations. Toward that end, 
a phased approach would be appropriate, beginning with a DoD-specific organization which is 
scalable and extensible, and evolving towards a pan-government and private sector organization. 
Roles of the organization should include gathering and analyzing of voluntarily contributed data, 
disseminating of findings, and acting as a clearing house to coordinate feedback and responses 
from the community. 

6.2.2 Establish a Center for IW-D Operations 

The basic required defensive information warfare operations functional capabilities are shown in 
Exhibit 6-2-2. The terms tactical warning and attack assessment are familiar to the strategic 
nuclear forces. They fit in the information warfare context consistent with the definitions in Joint 
Pub 1-02, Dictionary of Military Terms. Providing these capabilities in the information-age 
context, however, is very different than the nuclear era. Emergency response and infrastructure 
restoration are self-explanatory. 
• Functions 

- Tactical warning (monitor, detect, report) 

- Attack assessment (analyze, organize defenses) 

- Emergency response (control damage, reallocate infrastructure assets) 

- Infrastructure restoration 

• Support CJCS initiative to establish 

- Military IW operations center (J3 cell, Joint Information Warfare Center) 

• Support IW aspects of deliberate planning, exercises, and operations 

• Serve as time-sensitive IW point of contact for CINCs (911) 

• Serve as IW information source and clearinghouse for CINCs and 
operations forces 

• Provide operational liaison with counterpart federal, state and local 
agencies on matters of immediate relevance to current military operations 
or exercises 

- CINC IW cells 

• Support planning for and conduct of CINC IW activities 

Action (ASD(C3I) lead with CJCS support): 

- Establish a DoD IW-D operations center (911) at DISA with NCS, NSA, 
and DIA support. 

- Develop/implement distributed tactical warning, attack assessment, 
emergency response, and infrastructure restoration procedures 

• Incorporate national guard, reserves, mobilization augmentees, contractor 
support 

• Mandate reporting of all suspected intrusions and computer incidents 
affecting DoD systems and networks 

- Interface with Service and Agency capabilities and I&W/TA support 

- Establish necessary liaison (e.g., military and government operations 
centers, service providers, intelligence agencies, computer emergency 
response centers) 



Exhibit 6-2-2. Establish a Center for IW-D Operations 

The Chairman has already undertaken an effort to establish a military operations center and has 
instructed the CINCs to establish IW cells within their staffs. The military operations center will 
consist of two elements. First, a small cell will be established in the J3 and will be staffed during 
normal duty hours. During crises, the J3 cell will have specific authorities over the second 
element, the Joint Information Warfare Center. The Joint Information Warfare Center will be 
staffed 7 days a week, 24 hours a day, and will serve as the interface to organizations such as the 
CINC IW cells, the Joint Spectrum Center, the Joint Warfare Analysis Center, the Joint 
Command and Control Warfare Center, and the Service IW organizations. 

The distinction to be made between the military IW center and the defensive information warfare 
operations center is that the military center will focus on military operations of a time-sensitive 
nature. The defensive information warfare center will be focused on the Defense Information 
Infrastructure and other critical infrastructures as appropriate. 

While the Task Force recommends that the center be established at DISA, current technology 
certainly provides for establishing a virtual center. This virtual center would draw on support 
from geographically dispersed elements. Initial staffing should come from existing assets. As 
suggested earlier, this operations capability must be distributed down and throughout the 
Department, linking, for the most part, existing operations centers, emergency response teams 
and so on. The Task Force envisions eventual links to other government centers including any 
that may result from the actions of the Infrastructure Protection Task Force recently created by 
Executive Order 13010. 

Establishing the center is relatively easy. Developing and implementing the process and 
procedures to be used will be much more difficult; there has been almost no effort devoted to this 
area. One suggestion the Task Force makes is that eventual staffing and procedures take 
advantage of technical expertise available in the national guard, the reserves, mobilization 
augmentees, and contractors. Mandatory reporting sounds easy but may be difficult to 
implement because of a basic fear by those reporting that they will be held accountable for the 
intrusion or incident and that they will have to pay to fix the problem. Mandatory reporting may 
have to be accompanied with some form of inducements such as a "fix it free" offer. It will also 
be necessary to distribute these capabilities throughout the Department and establish an 
information channel with the indications and warning/threat assessment center for sharing of 
information essential to the performance of each center's mission. 

If national-level centers for infrastructure protection are established as a result of the 
recommendations of the President's Commission on Critical Infrastructure Protection, then the 
Department should ensure appropriate interfaces are established between DoD functions and 
these centers. 

The tentacles of this Operations Center should be virtually extended to every organization in 
DoD, ranging in scope from a single person serving as point of contact for the organization to 
having an emergency response cell located with the organization. 

DISA should establish a threshold of information event that requires reporting to the Operations 
Center. Every information event reaching that threshold must be reported and penalties 
established to enforce that reporting. DISA should maintain a knowledge base of that reporting 
and ensure all response personnel are appropriately trained and informed. 

6.2.3 Establish a Center for IW-D Planning and Coordination 

The role of the planning and coordination center, shown in Exhibit 6-2-3, will be to support the 
ASD(C3I) in fulfilling his responsibilities as the focal point and to facilitate the sharing of 
sensitive information within the Department, among the Federal departments and agencies, and 
with the private sector. 
• Functions 

- Develop IW planning framework 

- Assess 

• IW policy and plans 

• IW preparedness 

• Intelligence support 

• Allocation of resources to IW 

• IW incident reports 

- Develop procedures and metrics for assessing infrastructure and 
information dependencies 

- Facilitate sharing of sensitive information (e.g. threats, vulnerabilities, 
fixes, tools, techniques) within DoD and among government agencies, 
the private sector service providers and professional associations. 

Action (ASD(C3I) lead): 

- Establish an IW-D planning and coordination center reporting to 
the ASD(C3I) with interfaces to the intelligence community, the Joint 
Staff, the law enforcement community, and the operations (911) center 



Exhibit 6-2-3. Establish a Center for IW-D Planning and Coordination 



One of the first activities of the planning and coordination center should be to establish a 
planning framework which can provide for meaningful assessments of progress in information 
warfare defense. This center will not write plans for the CINCs, Services, and Defense 
Agencies; rather, it will provide the means for integrating information warfare considerations 
into traditional planning activities. 

The center will aid the focal point in assessing the treatment and implications of information 
warfare in plans, operations, and the allocation of resources to information warfare. The center 
will also analyze and assess IW-related incident reports generated by the Services and 
Agencies and forwarded to the 911 operations center. The assessment will determine patterns of 
activity that might indicate the need to revise plans or resource allocations. 

Since there is no established method for assessing the dependency of operational plans and DoD 
support activities on information and infrastructures, the center will need to develop the 
procedures and metrics for such assessments. The military operations community and the 
support community will perform the assessments. These infrastructure dependency 
assessments will be discussed in more detail later in this report. 

Sharing of sensitive information is probably one of the most important first steps in building a 
defensive information warfare capability. There are significant legal, regulatory, competitive and 
emotional hurdles to overcome; these must be addressed as soon as possible. 

6.2.4 Establish a Joint Office for System, Network and Infrastructure Design 

It is not necessary to break the cryptographic protection to attack our classified computing 
environments. The protection paradigm used by DoD is based upon the classification of 
information. However, most classified computer systems contain, and often rely on, unclassified 
information. This unclassified information often has little or no protection of the data integrity 
prior to entry into classified systems. The expected interaction between GCCS and GTN is an 
example of this. An increasing number of DoD systems contain decision aids and other event- 
driven modules. These should be buffered from unclassified data whose integrity cannot be 
verified. 
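One way to build the buffer the paragraph above calls for is an integrity gate in front of the decision aid: unclassified records are only passed through if they carry an authentication tag produced by the authorized source, and everything else is quarantined for review. The following is an added example and not code from the report or from any DoD system; it assumes a hypothetical shared HMAC key between the source and the gateway, and the track records and the toy "decision aid" are constructed sample data.

```python
import hmac
import hashlib
import json
from typing import Any

# Hypothetical key shared by the authorized unclassified source and the gateway
# (constructed sample value; a real deployment would use managed key material).
SOURCE_KEY = b"constructed-demo-key-not-for-real-use"


def canonical(record: dict[str, Any]) -> bytes:
    """Serialize deterministically so the tag covers exactly the fields the aid will use."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(key: bytes, record: dict[str, Any]) -> str:
    """Tag computed by the authorized source before the record leaves its enclave."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(key: bytes, record: dict[str, Any], tag: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(sign_record(key, record), tag)


def gate_feed(key: bytes, feed: list[dict[str, Any]]):
    """Split an inbound feed into records the decision aid may consume and quarantined items.

    Returns (accepted_records, [(item, reason), ...]).
    """
    accepted, quarantined = [], []
    for item in feed:
        record, tag = item.get("record"), item.get("tag")
        if not isinstance(record, dict) or not isinstance(tag, str):
            quarantined.append((item, "missing record or tag"))
            continue
        if not verify_record(key, record, tag):
            quarantined.append((item, "integrity check failed"))
            continue
        accepted.append(record)
    return accepted, quarantined


def build_sample_feed() -> list[dict[str, Any]]:
    """Constructed sample feed: two authentic records, one tampered, one untagged."""
    good1 = {"id": "TRK-001", "lat": 36.6, "lon": -121.9, "status": "enroute"}
    good2 = {"id": "TRK-002", "lat": 35.1, "lon": -120.4, "status": "delayed"}
    feed = [
        {"record": good1, "tag": sign_record(SOURCE_KEY, good1)},
        {"record": good2, "tag": sign_record(SOURCE_KEY, good2)},
    ]
    # Altered in transit: the content changed but the original tag was replayed.
    tampered = dict(good1, status="cancelled")
    feed.append({"record": tampered, "tag": feed[0]["tag"]})
    # Data from an unknown source with no tag at all.
    feed.append({"record": {"id": "TRK-999", "status": "enroute"}})
    return feed


def decision_aid(records: list[dict[str, Any]]) -> int:
    """Toy event-driven module: number of movements flagged as delayed or cancelled."""
    return sum(1 for r in records if r["status"] in ("delayed", "cancelled"))


if __name__ == "__main__":
    ok, held = gate_feed(SOURCE_KEY, build_sample_feed())
    print("accepted:", [r["id"] for r in ok])
    print("quarantined:", [(i["record"]["id"], why) for i, why in held])
    print("decision aid count:", decision_aid(ok))
```

The tampered record is the case the paragraph is about: had it reached the decision aid unchecked, a "cancelled" status would have changed the aid's output, and the classified system would have acted on unclassified data whose integrity nobody verified.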

Second-, third-, and "n"-order effects from an information warfare attack have not been 
observed and are not well understood. Further, good data are not available with which to 
conduct modeling and simulation of such effects. Data must be collected to support the 
modeling and simulation of the effects of specific information warfare attacks and defenses. 
Detailed data should be gathered through several means: 

• Measure the specific local effects of a standard battery of attacks on common components 
such as operating systems, firewalls, routers, etc. Experiments should be conducted using 
various configurations and settings of the components and attack variations for as 
complete a picture as possible. 

• Measure the effects and possible consequences for a standard battery of attacks against 
many common configurations of generic networked systems. The technologies and 
configurations selected for these experiments should be common to a large percentage of 
the DII and NII, including telecommunications, power, and control systems. Again the 
attacks should be carried out in multiple variations against multiple target system types 
and configurations, with various types of defenses, to obtain accurate data on the 
measurable effects of attacks in all these circumstances. 

• Measure the effects and possible consequences for a battery of attacks, that could include 
application-specific attacks, on stereotypical defense systems. Measure the effects on 
mission effectiveness. 

To achieve the goal of protecting information systems from future IW attacks, a comprehensive, 
principled approach for architecture, design, and analysis of secure, survivable distributed 
information systems must be developed. These new principles and approaches should build 
upon, and be synthesized from, existing and emerging information system engineering principles 
based on work in fault-tolerant systems, trusted systems, and secure distributed systems. The 
principles must be promulgated as guidelines so that they will be widely applied. 

There is a need to create a broader theoretical underpinning for understanding, design, and 
analysis of the security and survivability of information systems. Theoretical tools available 
today usually treat specialized aspects of information security. Early information-theoretic work 
in the 1950s and 1960s, work in the 1980s on trapdoor functions, and recent work on Byzantine 
robust networks may form some basis for development of a broader theory. New theories should 
be developed for robust systems. These theories need to include models both for attacks on 
systems and for survivability defense strategies. Robust system theory should include formal 
methods that apply to large-scale, distributed, heterogeneous systems. Analysis techniques 
should include methods for predicting and analyzing Red/Blue conflicts by, for example, 
extension/application of game theory and other relevant approaches. 

Since the cost of highly secure network subsystems will be very high, the architect should 
assume that the defense network will traverse commercial infrastructures, and that the underlying 
substrate will be inherently insecure. The network architecture thus must ensure successful 
transmissions in the presence of failed, faulty, and spoofed network components. For example, 
spatial transmission diversity is an existing proof that reliability can improve with intelligent use 
of the network. Since the future global network will include subnets of varying robustness, it is 
suggested that a separable entity be established as an overall net security management system. 
The overall network security manager would be responsible for architectural add-ons (such as 
wrappers) for each subnet, to provide survivable, secure service over the entire net of nets. 

For survivable systems, security is required at multiple levels, including applications, 
middleware, operating systems, and networks. New architectural approaches must enable the 
accommodation of legacy and COTS subsystems, perhaps via wrappers, into an overall adaptive 
system-of-systems architecture. This architecture must be designed to reallocate critical tasks 
dynamically to subsystems which have survived the attack. The security/survivability 
management of the system should be integrated into the overall system management framework, 
in terms of both the automated and the human components of the system management structure. 

In order to test the effectiveness of the survivable system architecture, principles, and theory, it is 
essential to conduct experiments and demonstrations. It is recommended that such experiments 
and system demonstrations be conducted in existing and emerging system testbeds and networks, 
building on both experimental nets and the emerging DII and NII. 

There are substantial differences between designing a typical information system and designing a 
resilient information infrastructure capable of enduring in the face of intentional disruptions. 
Information system design is typically based on efficiency; a resilient information infrastructure 
design must be based, instead, on effectiveness. Control must be decentralized and portions must 
operate independently of the infrastructure. For example, fault-tolerant computing introduces 
redundancy into otherwise efficient systems in order to make them more effective, particularly 
against random disruptions. Similarly, the design of a resilient infrastructure will ensure 
diversity of hardware and software so that a common failure mode will not result in an 
infrastructure failure. Investing in a proper design up front saves money in the long run and 
negates the very real possibility of introducing vulnerabilities by attempting to retro-fit security. 
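The two design properties argued for above, reallocating critical tasks to the subsystems that survive an attack and building in enough diversity that one common failure mode cannot take the whole infrastructure down, can be shown together in a small model. The following is an added example and not the report's or any DoD program's code; the node fleets, platform families, task loads and priorities are constructed sample values, and the greedy "most critical task first" placement is one illustrative reallocation policy, not one the report specifies.

```python
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    platform: str   # the shared hardware/software family, i.e. the common failure mode
    capacity: int   # units of work the node can carry
    alive: bool = True


@dataclass(order=True)
class Task:
    priority: int   # lower value = more critical (sorted first)
    name: str
    load: int


def apply_common_mode_failure(nodes: list[Node], platform: str) -> list[Node]:
    """Everything sharing the platform fails together; return the survivors."""
    for n in nodes:
        if n.platform == platform:
            n.alive = False
    return [n for n in nodes if n.alive]


def reallocate(tasks: list[Task], survivors: list[Node]):
    """Dynamic reallocation: most critical tasks first, each onto the survivor with
    the most free capacity. Returns (placements, dropped_task_names)."""
    free = {n.name: n.capacity for n in survivors}
    placed, dropped = {}, []
    for t in sorted(tasks):
        best = max(free, key=free.get, default=None)
        if best is None or free[best] < t.load:
            dropped.append(t.name)
            continue
        free[best] -= t.load
        placed[t.name] = best
    return placed, dropped


def simulate(fleet: list[Node], tasks: list[Task], failed_platform: str) -> dict:
    """Run one common-mode event against a fresh copy of the fleet and reallocate."""
    nodes = [Node(n.name, n.platform, n.capacity) for n in fleet]
    survivors = apply_common_mode_failure(nodes, failed_platform)
    placed, dropped = reallocate(tasks, survivors)
    return {"survivors": len(survivors), "placed": len(placed), "dropped": dropped}


# Constructed workload: two critical services, one important aid, one deferrable service.
CRITICAL_TASKS = [
    Task(0, "c2-messaging", 3),
    Task(0, "logistics-db", 4),
    Task(1, "planning-aid", 3),
    Task(2, "training-portal", 2),
]

# Same total capacity (16 units) in both fleets; only the diversity differs.
MONOCULTURE = [Node(f"m{i}", "platform-A", 4) for i in range(4)]
DIVERSE = [
    Node("d0", "platform-A", 4),
    Node("d1", "platform-A", 4),
    Node("d2", "platform-B", 4),
    Node("d3", "platform-C", 4),
]

if __name__ == "__main__":
    for label, fleet in (("monoculture", MONOCULTURE), ("diverse", DIVERSE)):
        print(label, simulate(fleet, CRITICAL_TASKS, "platform-A"))
```

With equal capacity and the same event, the monoculture fleet loses every node and every task, while the diverse fleet keeps both priority-0 services running on the two surviving nodes and sheds only the lower-priority work. That is the "effectiveness over efficiency" trade the text describes: the diverse fleet is no cheaper and no faster, but it degrades instead of failing.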

The goal is to design for utility, resiliency, repairability, and security, as shown in Exhibit 6-2-4. 
Presently, there is no significant body of knowledge on infrastructure design. It will have to be 
developed based on the existing design skills for fault-tolerant computing, resiliency, reliability, 
and so on. This body of knowledge will expand through the results of the research currently 
under way and planned for large distributed networks and survivable systems. This growing 
body of knowledge will be used to develop and promulgate policies, architectures, and standards 
which enhance the utility, resiliency, repairability and security of the infrastructure. The 
collection of these policies, architectures, and standards will constitute the infrastructure design. 
• Functions 

- Develop and promulgate policies, architectures, standards 

- Design for utility, resiliency, repairability and security 

• No one event/attack should be able to do the system in 

• Perimeter defense not sufficient 

• Classified systems vulnerable to attack from unclassified data sources 

• Back-up repositories of data must be implemented and regularly updated 

• Diversity should be a key aspect of design 

- Develop and implement configuration management process 

- Conduct independent verification of design and procurement 
specifications 

Action (ASD(C3I) lead): 

- Establish a joint security architecture/design office within DISA to 
design the infrastructure in accordance with the above principles to 
shape the design of the DoD information infrastructure 

- Establish a process to independently verify and enforce adherence to 
these design principles 



Exhibit 6-2-4. Establish a Joint Office for System, Network 
and Infrastructure Design 

The infrastructure design should be verified independently periodically to ensure that the design 
meets the goals of utility, resiliency, repairability, and security. The Task Force suggests using 
NSTAC, NCS, and similar resources to aid in this activity. 

The infrastructure design should also be used to verify that goals of utility, resiliency, 
repairability, and security are reflected in the specifications for development of new systems and 
for purchase of services from the other government agencies and the private sector. 

The Task Force recommends the establishment of a joint architecture/design office in DISA to 
develop and promulgate throughout the Department the needed design policies, architectures, 
standards, and configuration management process. This office should include the current 
architecture and design activities of DISA, but should also be focused on infrastructure design 
and the incorporation of security up front in the architecture and engineering process. The Task 
Force also recommends that a process be developed to verify compliance with the design 
independently. 

6.2.5 Establish a Red Team for Independent Assessments 

Red Teaming is an essential component of the IW-D strategy and technology development 
process. We recommend that the concept be extended to include vulnerability analyses as well as 
carefully planned attacks during experimental activities in controlled testbeds and during 
training/planning exercises. The Red Team exercises should be conducted under proper rules of 
engagement to avoid unnecessary damage or disruption to information systems. 
Emphasis should be given to developing new attack methodologies in addition to reusing and 
applying current attacker techniques. For example, attacks should be designed which exploit 
the system's survivability features. A sophisticated attacker would probably know about these 
features. In formulating these attack strategies, models should first be developed for system 
vulnerability and its likely defenses, and these models should be exploited in the attack 
strategies. Vulnerability analyses and Red Team attacks should be conducted at the application 
and system level, as well as at the subsystem level, with the goal of uncovering how operations 
can be perturbed (e.g., the planning and execution of an air tasking order or the deployment of 
sensors and communication assets), and how supporting communication links, or specific 
computers and network nodes, can be compromised. 

The need for independent assessments is suggested in the notion that "you can only expect what 
you inspect." Many activities throughout the Department are in the process of forming Red 
Teams for the purpose of conducting vulnerability analyses, training, and so on. The Task Force 
endorses these efforts, particularly in light of previous DSB Task Force recommendations. 
However, what the current Task Force is recommending is the "SECDEF/DEPSECDEF's Own," 
a team whose central role is providing the SECDEF/DEPSECDEF with unbiased assessments on 
the Department's IW "state of health." 

As shown at the bottom of Exhibit 6-2-5, the Task Force recommends that a Red Team be 
established to perform these independent assessments. Two previous DSB Summer Studies have 
made a similar recommendation to establish such a Red Team. While the Task Force was unable 
to agree on whether the new organization should be a standalone organization or placed within 
an existing organization, there was unanimity that the Red Team should receive significant 
management attention and, although reporting through the ASD(C3I), should be accountable to 
the DEPSECDEF for its activities. 



• Functions 

- Acquisition - assess vulnerabilities 

• Existing and planned DoD systems and networks 

• Include products and services provided to DoD by private sector 

- Operations - conduct "IW-like" attacks 

• Verify readiness posture and preparedness 

• Assess physical, cyber, and people aspects 

- Spectrum of attacks 

• Facilities, networks and systems, and people 

• Hardware, software, databases, systems, networks, communications 

• Deception, corruption, exploitation, denial 

Action (ASD(C3I) lead): 

- Establish a Red Team 

• Accountable to SECDEF/DEPSECDEF, independent of design, 
acquisition, operations 

• Red Team recommended by 1994 and 1995 DSB Summer Studies 

• Important management considerations 

- Tight leash and significant management attention 

- Integrated product team 

- Develop procedures for employment of the Red Team 



Exhibit 6-2-5. Establish a Red Team for Independent Assessments 
Developing and maintaining an independent assessment capability is very important because of 
the traditional resistance to self-assessment and potential embarrassment. However, it is 
essential that the Department evaluate its IW preparedness and not wait to learn of any major 
shortfalls because of the actions of an adversary. This Red Team should have a small permanent 
cadre for management and technical continuity and should be staffed by civilian personnel and 
military personnel on a rotating joint duty basis. 

The organizational recommendations made by the Task Force are shown graphically in Exhibit 
6-2-6. While it was obvious to the Task Force that similar information warfare (defense) 
capabilities and organizations must be established at the national level, the Task Force decided 
not to make specific recommendations about where these organizations should be established or 
to whom they should report. Instead, the Task Force recommends this be left to the President's 
Commission. However, it should be pointed out that there is a real need for extensive 
coordination and information sharing between government (Federal, state, and local) and the 
private sector. 




Exhibit 6-2-6. Organizational Recommendation - DoD Aspects 

Exhibit 6-2-7 also shows the organizational recommendations made by the Task Force but 
emphasizes the functional aspects. The defensive information warfare process, procedures and 
mechanisms diagram discussed earlier in the report is shown in the middle of the Exhibit and the 
process has been divided by the gray line into preparedness functions and operations functions. 
The recommended organizations are arrayed in the Exhibit so as to relate their functions (shown 
near the ovals) to the entire defensive information warfare process. 
Exhibit 6-2-7. Organizational Recommendations - Functional Aspects 



6.3 INCREASE AWARENESS 

An important and cost effective first line of information warfare defense is a user and operations 
community that is aware of potential threats and is well trained in protection and detection 
tactics, techniques, and procedures. A well-trained and educated cadre of security and 
automated information system professionals can provide an effective second line of defense. The 
Defense Agencies (NSA in particular) have long provided INFOSEC training. Traditional 
DoD security awareness and training, however, has emphasized the security of classified national 
security information and information systems processing classified national security information. 
DoD components are currently implementing awareness, training and education (AT&E) programs 
to focus on new threats to both unclassified and classified networks. Working groups have been 
established to help coordinate efforts between components. There is a need, however, for a 
DoD-level forum with the authority to reduce duplication and implement consolidated training 
responsibilities. This forum must take advantage of core competencies to ensure a 
comprehensive, cost-effective program. 

Current modeling and simulation efforts do not adequately address issues that can be expected to 
arise in an information warfare attack environment. For example, little or no consideration is 
given to the tactical impact of compromised or exploited computing and networking resources 
beyond perhaps the classical effects of jamming or ESM techniques as applied to the battlefield 
communications infrastructure. 
A fundamental shortcoming of traditional wargame-oriented simulations is the failure to predict 
changes in battlefield behavior resulting from the dynamic interplay of people with new 
weapons, sensors, tactics, etc. This is mainly due to deeply embedded, built-in assumptions of 
human tactical behavior. The introduction of a new dimension to the battlespace, namely that of 
IW, serves to aggravate the problem. A new generation of simulations and gaming environments 
is needed that not only generally minimizes built-in assumptions on human behavior, but also 
captures in particular the implications and impact of sophisticated information warfare types of 
attacks. 

Because of our perceived lead in offensive information warfare capabilities, not everyone 
understands the need for defensive information warfare preparations. The Task Force review of 
several current Service and joint doctrine documents indicates that defensive information warfare 
matters are not adequately addressed. The Task Force strongly suggests the need to make senior- 
level government and industry leaders aware of the vulnerabilities and appreciate the 
implications. The recommended actions are shown in Exhibit 6-3. 

The awareness campaign should be designed for several purposes. The internal campaign should 
make DoD personnel more aware of the threats, vulnerabilities, and fixes and should also make 
DoD a better informed customer in the acquisition of systems, COTS products, and services. 
The external program should make DoD suppliers better aware of DoD needs and should make 
the civil agencies and the general public understand DoD dependence on infrastructures and the 
role of DoD in the information-age "common defense." 

• IC/IW (Offense) capability breeds complacency 

• Military doctrine does not adequately address IW vulnerabilities 

• Need senior-level government and industry appreciation of 
what's at stake 

- Pursue all avenues (briefings, conferences, articles, etc.) 

Action: 

- Establish an internal and external IW-D awareness campaign for the public, 
industry, CINCs, Services and Agencies (ASD(C3I) and Public Affairs) 

- Expand the IW Net Assessment recommended by the 1994 Summer Study to 
include assessing the vulnerabilities of the DII and NII (USD(P) lead) 

- Review joint doctrine for needed IW-D emphasis (CJCS lead) 

- Explore possibility of large-scale IW-D demonstrations for the purpose of 
understanding cascading effects and collecting data for simulations (ASD(C3I) 
lead) 

- Develop and implement simulations to demonstrate and play IW-D effects 
(USD(A&T) lead) 

- Implement policy to include IW-D realism in exercises (CJCS lead) 

- Conduct IW-D experiments (CJCS lead) 



Exhibit 6-3. Increase Awareness 

The Task Force recommends that the ongoing IW net assessment recommended by the 1994 
Summer Study be expanded to include an assessment of the vulnerabilities of the DII and the NII 
with particular emphasis on those portions of the NII upon which the Department is especially 
dependent. A brief review by the Task Force of selected joint doctrine revealed a heavy 
dependence on information and information technology without corresponding attention to 
defensive information warfare. Existing doctrine should be reviewed for needed emphasis. The 
Department should also explore the possibility of large-scale demonstrations for the purpose of 
exploring cascading effects and for collecting data necessary for simulation of information 
warfare activities. 

In addition, and to the extent possible, information warfare (defense) must be realistically played in exercises. This will require some concerted management attention. The Task Force notes that DoD policy directing the CINCs to conduct exercises with realistic information warfare play has been in effect since 1992; to date, there have been no noticeable efforts to implement the policy, and execution has been very limited. In those cases where a realistic IW environment cannot be created, specific experiments must be developed to assess the effects of information warfare attacks.

6.4 ASSESS INFRASTRUCTURE DEPENDENCIES AND VULNERABILITIES 

Traditional thinking is that infrastructures, with few exceptions, are stable, reliable, and always available. The nation's interstate highway system is a prime example. Consequently, the Department's operational and functional planners have not adequately addressed the possibility that key infrastructures such as telecommunications, electric power, and transportation might not be available in part to support military operations. The purpose of this recommendation, as shown in Exhibit 6-4, is to get the operational and functional planners to begin documenting the extent to which their plans are dependent on critical infrastructures and what effect infrastructure disruptions might have on execution of the plans.

• Dependencies and vulnerabilities not well understood

- Affects efforts to mobilize, deploy, employ, control and sustain forces

- Interconnected infrastructures have common single points of failure

- Mitigation (protection) techniques and procedures must be developed

• The Mission Needs Statement for Infrastructure Assurance Modeling developed by Joint Staff will help

Action:

- Develop a process and metrics for assessing infrastructure dependency (ASD(C3I) lead)

- Assess/document operations plans infrastructure dependencies (CJCS lead)

- Assess/document functional infrastructure dependencies (PSAs lead)

- Assess infrastructure vulnerabilities (ASD(C3I) lead)

- Develop a list of essential infrastructure protection needs (CJCS lead)

- Develop and report to the SECDEF the resource estimates for essential infrastructure protection (ASD(C3I) lead with CJCS support)

- Review vulnerabilities of hardware and software embedded in weapons systems (USD(A&T) lead)

Exhibit 6-4. Assess Infrastructure Dependencies and Vulnerabilities
The Joint Staff has begun to address the issue by developing a draft Mission Needs Statement for Infrastructure Assurance Modeling. The MNS approach is to use modeling and simulation. This is probably the best long-term approach to understanding infrastructure inter-dependencies, potential cascading effects, etc.

The Task Force recommends that a separate effort be initiated by the ASD(C3I) to develop an alternative approach using other analytical techniques that could be employed in the near term by the operational and functional planners to assess all critical infrastructure dependencies. Based on these assessments by the Chairman and the Principal Staff Assistants, the Chairman should develop the essential infrastructure protection needs and the ASD(C3I) should develop the resource estimates for the needed protection.

The Task Force recognizes that this will be an enormous task. However, the complexity and 
difficulty of the task should not be an impediment to starting the effort; "the journey of a 
thousand miles begins with a single step." 

6.5 DEFINE THREAT CONDITIONS AND RESPONSES

Exhibit 6-5-1 shows that, as in the traditional operations community, the IW-D operations community requires an alerting mechanism to heighten awareness and preparedness as the threat increases. In addition, there should be some prescribed response by the IW-D operations community to increasing threat conditions, such as minimizing the traffic on the networks, limiting personnel access to operational facilities, disconnecting certain systems which are likely targets, and possibly implementing wartime modes of operation. While this is urgently needed, it will be complicated by the extensive interconnectivity of systems and networks, and because some actions will be required by the private sector, in part, since much of the Defense Information Infrastructure is embedded in the public switched and data networks.



• Conditions and responses required for risk management

- Conditions analogous to DEFCON

- Responses might include

• Minimize

• Personnel actions

• Disconnecting from the "net"

• Use of War Mode (WARM) protocols

• Defense of the information infrastructure complicated by

- Interconnectivity: heightened state of alert must extend to all connected systems and networks

- Reliance on private sector: may require legislative or regulatory actions

Action:

- Define and promulgate a useful set of IW-D threat conditions which is coordinated with current intelligence community threat condition definitions (CJCS lead)

- Define and implement responses to IW-D threat conditions (CJCS lead with ASD(C3I) support)

- Explore legislative and regulatory implications (ASD(C3I) lead)

Exhibit 6-5-1. Define Threat Conditions and Responses



Exhibit 6-5-2 is an illustrative cut at what a structured threat condition and response table might 
look like. This is not a definitive threat chart. For example, "normal" is yet to be defined and 
very damaging attacks can be postulated that would not cause a noticeable increase in the number 
of incidents. Also, it should not be inferred that the Task Force believes an information warfare 
attack will necessarily escalate in a linear manner from level II to level V. An attack could be 
oriented on a specific critical target or could immediately threaten multiple centers of gravity 
within the United States. The term "special contexts" is an attempt to highlight the potential 
linkages between an information warfare attack and other circumstances that may be present. For 
example, disruption of the infrastructures supporting Fort Bragg, North Carolina, would have 
much greater impact during a deployment of U.S. forces to a crisis location than it would during 
normal peace-time training operations. 



CONDITION / SITUATION / REQUIRED RESPONSE

I - Normal

Situation:
- Normal threat (crime/incompetents)
- Normal activities in all sectors

Required response:
- Normal actions and requirements

II - Perturbation

Situation:
- 10% increase in incident reports, regional or functionally based
- 15% increase in all incidents

Required response:
- Increase incident monitoring
- Look for patterns across wide range of variables
- Alert all agencies to increase awareness activities
- Begin selective monitoring of critical elements

III - Heightened Defense Posture

Situation:
- 20% increase in all incident reports
- Condition II with special contexts

Required response:
- Disconnect all unnecessary connections
- Turn on real-time audit for critical systems
- Begin mandatory reporting to central control

IV - Serious

Situation:
- Major regional or functional events that seriously undermine U.S. interests
- Condition III with special contexts

Required response:
- Implement alternate routing
- Limit connectivity to minimal states
- Begin "aggressive" forensics investigations

V - Brink of War

Situation:
- Widespread incidents that undermine U.S. ability to function
- Condition III/IV with special contexts

Required response:
- Disconnect critical elements from public infrastructure
- Implement WARM protocols
- Declare state of emergency

Exhibit 6-5-2. Sample Threat Condition and Response



Deriving a solid set of threat conditions and appropriate responses will require some serious 
research. The various levels reflect combinatorial effects as well. For example, it is possible to 
move from Condition I to Condition V without passing through the intervening conditions. 
Condition II reflects the notion that an attack may be surgical rather than broad-based. 
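As an added illustration, not part of the report, the following Python classifier applies the percentage thresholds and special-context escalations of Exhibit 6-5-2 to constructed incident tallies, showing how a surgical rise in one function reaches Condition II while a flagged major event jumps straight to IV or V. The region/function groupings, the sample counts, and the rule that a special context escalates exactly one level are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Observation:
    baseline: Counter               # {(region, function): count} in the agreed "normal" window
    current: Counter                # same shape, for the current window of equal length
    special_context: bool = False   # e.g. a deployment under way (the Fort Bragg example)
    serious_event: bool = False     # major regional/functional event undermining U.S. interests
    widespread: bool = False        # widespread incidents undermining U.S. ability to function


# Required responses per condition, transcribed from Exhibit 6-5-2.
RESPONSES = {
    1: ["Normal actions and requirements"],
    2: ["Increase incident monitoring", "Look for patterns across wide range of variables",
        "Alert all agencies to increase awareness activities",
        "Begin selective monitoring of critical elements"],
    3: ["Disconnect all unnecessary connections", "Turn on real-time audit for critical systems",
        "Begin mandatory reporting to central control"],
    4: ["Implement alternate routing", "Limit connectivity to minimal states",
        "Begin 'aggressive' forensics investigations"],
    5: ["Disconnect critical elements from public infrastructure",
        "Implement WARM protocols", "Declare state of emergency"],
}


def pct_increase(base: int, cur: int) -> float:
    """Percent change from base to cur; activity where the baseline is zero counts as unbounded."""
    if base == 0:
        return float("inf") if cur > 0 else 0.0
    return (cur - base) * 100.0 / base


def grouped_increase(baseline: Counter, current: Counter, idx: int) -> dict:
    """Percent increase per region (idx=0) or per function (idx=1)."""
    base, cur = Counter(), Counter()
    for key, n in baseline.items():
        base[key[idx]] += n
    for key, n in current.items():
        cur[key[idx]] += n
    return {k: pct_increase(base[k], cur[k]) for k in set(base) | set(cur)}


def threat_condition(obs: Observation) -> int:
    """Map an observation to condition level 1..5 (I..V) following Exhibit 6-5-2.

    The IV and V triggers come straight from the event flags, so an attack can
    jump from Condition I to IV or V without passing through II and III.
    """
    overall = pct_increase(sum(obs.baseline.values()), sum(obs.current.values()))
    local = max(list(grouped_increase(obs.baseline, obs.current, 0).values())
                + list(grouped_increase(obs.baseline, obs.current, 1).values()), default=0.0)
    level = 1
    if local >= 10.0 or overall >= 15.0:  # II: 10% in one region/function, or 15% overall
        level = 2
    if overall >= 20.0:                   # III: 20% increase in all incident reports
        level = 3
    if obs.serious_event:                 # IV: major regional or functional event
        level = 4
    if obs.widespread:                    # V: widespread incidents
        level = 5
    # Special contexts raise II->III, III->IV and IV->V. The exhibit lists
    # "III/IV with special contexts" under V; this example resolves the overlap
    # by escalating exactly one level (an assumption, not the report's rule).
    if obs.special_context and level >= 2:
        level = min(level + 1, 5)
    return level


def assess(obs: Observation) -> tuple:
    """Return (condition level, required responses) for the observation."""
    level = threat_condition(obs)
    return level, RESPONSES[level]


# Constructed sample tallies (not report data): 100 baseline reports.
BASELINE = Counter({("east", "logistics"): 40, ("east", "c2"): 10,
                    ("west", "logistics"): 30, ("west", "c2"): 20})
# Surgical: only west/c2 rises, so the c2 function goes 30 -> 34 (+13%)
# while the overall total moves only 100 -> 104 (+4%).
SURGICAL = Counter({("east", "logistics"): 40, ("east", "c2"): 10,
                    ("west", "logistics"): 30, ("west", "c2"): 24})
# Broad: every cell up about 22%, overall 100 -> 122.
BROAD = Counter({("east", "logistics"): 49, ("east", "c2"): 12,
                 ("west", "logistics"): 37, ("west", "c2"): 24})

if __name__ == "__main__":
    for name, obs in [("quiet", Observation(BASELINE, BASELINE)),
                      ("surgical", Observation(BASELINE, SURGICAL)),
                      ("broad", Observation(BASELINE, BROAD)),
                      ("broad + deployment", Observation(BASELINE, BROAD, special_context=True)),
                      ("quiet + widespread", Observation(BASELINE, BASELINE, widespread=True))]:
        level, responses = assess(obs)
        print(f"{name:20s} -> Condition {level}: {'; '.join(responses)}")
```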

6.6 ASSESS IW-D READINESS 

Information warfare defense should be viewed from a warfighting perspective. Operational 
forces should be able to detect, differentiate among, warn of, respond to, and recover from 
disruptions of supporting information services. Recovery from disruptions resulting from 
failures or attacks might involve repair, reconstitution, or the employment of reserve assets. In 
some cases, network managers may have to isolate portions of the network, including users of the 
network, to preclude the spread of disruption. Given the speed with which disruptions can 
propagate through networks, these capabilities may need to be available in automated form 
within the network itself. Finally, there must be some means to manage and control these 
capabilities. At its heart, this is an operational readiness matter. 

A standardized process to enable commanders to assess and report their operational readiness 
status as it relates to their specific dependency on information and information services is an 
essential element of operational readiness. A standard vocabulary will enable common 
description of risk scenarios and assessment methodologies. (A more complete explanation of 
the proposed process is at Appendix C.) The use of a structured assessment and reporting 
process will help move information assurance from a global and unsolvable problem to the 
identification of discrete information and information service dependencies that illuminate 
quantifiable risk to specific information dependent activities within a commander's sphere of 
responsibility. A similar assessment and reporting process can be applied by supporting 
elements and in the commercial sector. 

Exhibit 6-6 shows that information warfare (defense) must be mainstreamed as a readiness issue. 
A means must be developed for including information warfare (defense) issues in readiness 
reporting and a process must be developed to assess the information warfare (defense) readiness 
posture independently. The assessment scenarios differ from the threat conditions discussed 
earlier in that the assessment scenarios are used to assess readiness against a wide range of 
possible threats to specific units, missions, and functions, while the threat conditions are used to 
describe the existing threat condition to the broad interconnected population. The assessment 
scenarios are applied locally, while the threat conditions are applied globally. Standardized 
assessment scenarios could be used for planning considerations, in warning orders, and so on. 
The assessment regime provides a means for addressing variability and should be used in concept 
and operations planning. 



• Readiness assessment system

- Need explicit process to tie IW-D readiness assessments to the ability to execute operational missions

- Propose standardized, graduated assessment scenarios

• Accident

• Amateur hackers

• Experienced hacker

• Well-funded non-state purchase or hire of advanced IW capabilities

• State-sponsored IW

• State-sponsored IW with the active collusion of an insider

- Propose standardized, graduated assessment regime

• An unknown information assurance capability for a specified threat scenario

• Engineering estimate based on design parameters and recovery plans

• Engineering estimate based on design, simulation exercises, and review of recovery plans, but no physical testing for a specified threat scenario

• Internal assessment organization and live contingency plan exercise

• Independent security assessment organization and live contingency plan exercise

Action:

- Establish a standardized IW-D assessment system for use by CINCs, MilDeps, Services, and Combat Support Agencies (CJCS lead)

Exhibit 6-6. Assess IW-D Readiness
• Readiness reporting system

- Need a standard IW-D preparedness reporting system using assessment factors from previous exhibit

Action:

- Incorporate IW preparedness assessments in Joint Reporting System and Joint Doctrine, for example (CJCS lead):

• SORTS (Status of Resources and Training System), Joint Pub 1-03.3

- Add IW preparedness to overall unit readiness rating (C-Level)

• CSPAR (CINCs Preparedness Assessment Report), Joint Pub 1-03.31

- Add explicit review of IW to review of Ops/Con Plans

• CSAAS (Combat Support Agency Assessment System), Joint Pub 1-03.32.1

- Address IW preparedness in new annual CSAAS cycle

• Joint Tactics, Techniques, and Procedures for Base Defense, Joint Pub 3-10.1

- Include IW, apply to CONUS and OCONUS bases

• Joint Doctrine for Operations Security, Joint Pub 3-54

- Add IW posture to assessment factors

• DISA Communications Spot & Status Reports, Joint Pub 1-03.10

- Modify to include status reporting on major computing resources

- Include CSAs, MilDeps and Service mobilization & sustainment assets

Exhibit 6-6. Assess IW-D Readiness (Continued)



The Task Force recommends that the Chairman of the Joint Chiefs of Staff incorporate 
information warfare preparedness assessments in the Joint Reporting System and into Joint 
Doctrine. The systems, reports and publications cited are only examples that the Task Force 
reviewed to illustrate how these assessments might be incorporated. Additional details will be 
provided in the written report. 

6.7 "RAISE THE BAR" WITH HIGH-PAYOFF, LOW-COST ITEMS 

There are a number of things the Department can undertake, as shown in Exhibit 6-7, that are 
relatively low cost, but that will raise the bar significantly for potential system and network 
intruders. Training and awareness have already been emphasized. The two specific examples 
are cited to illustrate the fact that there is existing Executive Branch policy regarding this matter 
and that the use of banners to alert users is a good way to increase awareness. Certification by 
users of banner understanding is another technique to emphasize the importance. One of the 
Task Force members cited as an example the procedure used in his company. On a periodic 
basis, users of the network are presented with a security awareness quiz. If the questions are not 
answered correctly after three tries, the user must have the systems administrator provide access 
to the system or network. 
• Training and awareness

- Enforce provisions of Appendix 3, OMB Policy A-130

- Use banners

• Improve security of DoD's unclassified computers

- Access control (get rid of fixed passwords!)

- Identification and authentication

- Much more effective than encryption in "raising the bar"

• Promote use of government approved commercial security technologies

- Support JWCA Phase 5 plan of action

Action (ASD(C3I) lead):

- Direct the immediate use of approved products for access control

• As an interim until a MISSI solution is implemented

• For those users not programmed to receive MISSI products

- Examine feasibility of using approved products for identification and authentication

- Require use of escrowed encryption for critical assets

• Preclude rogue employee from locking up systems and networks

• Data bases, program libraries, applications, transaction logs

Exhibit 6-7. "Raise the Bar" With High-Payoff, Low-Cost Items



One of the most important acts is to improve the security of DoD's unclassified computers by 
instituting dynamic access control and authentication of users. Until this is done, the Department 
has little assurance that it has any control over these systems, many of which are essential to 
critical support functions. The Department should also promote the use of existing commercial 
and government security technologies. 

The Task Force recommends the immediate use of commercial access control technologies for 
this purpose. These technologies can be used as an interim solution for MISSI and as a solution 
for those users not programmed to receive MISSI. The Department should also explore the 
feasibility of using approved commercial products for identification and authentication and 
continue its plans for the use of escrowed encryption, particularly for the protection of critical 
assets. 

6.8 ESTABLISH AND MAINTAIN A MINIMUM ESSENTIAL INFORMATION 
INFRASTRUCTURE 

The current information infrastructure which supports telecommunications, power, 
transportation, etc., is susceptible to IW attacks, and in particular to wide-scale coordinated 
attacks aimed at disabling or disrupting government as well as commercial systems. A strategy 
and overall architecture concept must be developed for a minimum essential information 
infrastructure (MEII). This minimum infrastructure can serve as a means for restoring services 
and adapting to wide-scale outages. Milstar should be investigated as a means for determining 
available connectivity and providing modest but critical packet data service for exchange of 
routing, node status, and other essential network management information. In this role, Milstar 
would be supplemented with available commercial resources as possible and as needed. 
The concept should consider the applications and deployment of secure gateways connected to 
Milstar ground station equipment and reallocated Milstar assets as a hardcore network for use in 
restoring critical connectivity. The authentication of commercial wireline and wireless network 
access through the gateway to the hardcore network is a critical issue, and must be addressed. 

In addition to an overall MEII architectural concept, minimum essential services, an operational 
concept, and a management structure must be developed. A strategy must be developed for 
transitioning from peacetime or normal operational activities to the minimum essential 
information infrastructure. It will be important to execute the transition strategy in the context of 
exercises. 

The minimum essential information infrastructure capability shown in Exhibit 6-8 could serve 
the Department for critical missions and functions and could serve the nation for other national 
security-related functions. The 1995 DSB Summer Study titled Investments for 21st Century Military 
Superiority recommended a minimum essential C3 capability. Included are the specific 
recommendations leading to that capability. 



• Current NII/DII is vulnerable

- Not designed for resiliency or repair

- Cannot fully depend on public switched network

• Need

- Failsoft infrastructure to support critical functions while under attack

- Failsafe minimum infrastructure

- Failsafe capability to manage restoration independent of the public switched network

• Core capabilities exist

- Milstar

- Government Emergency Telecommunications Service (GETS)

- Telecommunications Service Priority System (TSP)

- National Telecommunications Management Structure (NTMS)

- Etc.

• Critical interaction of fuel, power, and telecommunications

• Base on infrastructure dependency assessments

• Build on 1995 DSB Summer Study recommendation

Action:

- Define options with associated costs and schedules (ASD(C3I) lead)

- Identify minimum essential conventional force structure and supporting information infrastructure needs (CJCS lead)

- Prioritize critical functions and infrastructure dependencies (CJCS lead)

- Design a Defense MEII and a failsafe restoration capability (ASD(C3I) lead)

- Issue direction to the Defense Components to fence funds for a Defense MEII and failsafe restoration capability (USD(C) lead)

Exhibit 6-8. Establish and Maintain a Minimum Essential Information Infrastructure
6.9 FOCUS THE R&D 

New information security products — from biometric personnel identification devices to advanced 
firewalls — are being introduced every day into the commercial marketplace. Many of the 
products are either focused on protecting against network-based intrusions or are attempting to 
enable some form of electronic commerce. However, these products often do not scale well in 
large distributed environments, are too expensive, and are too difficult to configure. 

The Department of Defense should monitor the progress in commercial information technology 
and take care not to duplicate or reinvent the progress being driven by market forces. However, 
the commercial market will not provide the Department the necessary tools and techniques to 
rapidly and securely assemble and protect a robust, resilient, deployable information system to 
support a Joint Task Force or coalition operations. The Bosnia C2 Augmentation initiative is an 
example of the challenge. 

As cost-affordable technologies are developed, they should be given early tests in the Joint 
C4ISR Battle Center Environment. 

The Task Force is aware of several of the ongoing information system security initiatives under way in DARPA and has read the descriptions of other IW-D R&D efforts in the Joint Warfighting Science and Technology Plan and in the Defense Technology Objectives of the Joint Warfighting Science and Technology and Defense Technology Area Plan (both of May 1996). However, the Task Force suggests a tighter, more integrated focus on support to U.S. defense activities in the areas outlined in Exhibit 6-9. In addition, the Task Force did initially consider a much broader and more comprehensive list of R&D initiatives required for information warfare defense. Because of the potential contribution of commercial security activities to some of the Department's requirements, the Task Force recommends the Department should focus its R&D on those aspects of information protection and assurance not likely to be addressed by the private sector. Several Task Force members stressed that the R&D program must emphasize cost and operational realism. For example, it would be helpful if the primary design criteria included per-seat costs for installation, training, and support. 
• Current security products are not designed to protect large distributed environments

• Must devote attention to verifying security configuration of a rapidly assembled system for Joint Task Force or coalition environments

• DoD must carefully evaluate emerging commercial technologies and products

- To include testing in Joint C4ISR environments

• Focused research effort required which involves academia, industry and government; however,

- Few universities currently have related courses or research programs

- There are no established avenues for sharing experience and knowledge in resilient system design

Action (USD(A&T) lead):

- Focus the DoD R&D program on the following areas

• Robust survivable system architectures

- No one event/attack should lead to failure of a critical function

- Design should provide for graceful degradation and rapid restoration of critical functions

• Techniques and tools for modeling, monitoring and management of large-scale distributed/networked systems

• Tools and techniques for automated detection and analysis of localized or coordinated large-scale attacks

• Tools for synthesizing and projecting the anticipated performance of survivable distributed systems

• Tools and environments for IW-D oriented operational training

• Testbeds and simulation-based mechanisms for evaluating emerging IW-D technology and tactics

- Work with the National Science Foundation to develop

• Research in U.S. computer science and computer engineering programs

• Educational programs for curriculum development at the undergraduate and graduate levels in resilient system design practices

Exhibit 6-9. Focus the R&D

The development of robust survivable systems resistant to information warfare attack, as well as 
other types of failure, must involve major advances in technology and will require the efforts of a 
vigorous research community embracing academia, industry, and government. Prior R&D efforts 
have focused on areas such as computer and network security, encryption technology, and single 
node failures. Little attention has been paid to surviving willful malicious attack, or detecting 
and eliminating corrupt software. 

The area of robust survivable systems offers an opportunity for a unifying theme to develop a 
broad-based research effort covering the full range of 6.1, 6.2, and 6.3 research to overcome the 
current lack of significant new ideas and problem solutions. Particular emphasis should be given 
to the following areas: 

• Designing a system such that no one event/attack will lead to process failure 

• Design methods for work processes and software that enable the monitoring of functional 
activities, provide for the graceful degradation of functional activities, and ease the rapid 
restoration of functions. 
As indicated in the previous exhibit, specific attention should be paid to verifying the 
configuration of a rapidly assembled system for use in Joint Task Force or coalition 
environments. This should include positive identification of system components with passive 
identification of users, in both the static and mobile environments. 

Regarding test beds and simulation-based mechanisms, it will be important to: 

• Verify whatever security claims are made for a product 

• Understand and model cascading events from an information warfare event 

• Understand the impact (and psychology) of multiple carefully timed attacks. 

In addition to the above, the R&D community should also consider establishing a focused effort 
on the theory, science and analysis of high assurance, massively distributed systems to include: 

• Developing rigorous mathematical approaches and principles for complex system 
analysis and synthesis. The DARPA BAA 96-40, Survivability of Large Scale 
Information Systems, 28 August 1996, provides a good start. 

• Developing advanced modeling and analysis techniques extending existing formal 
method approaches. 

• Developing advanced formalized techniques for predicting, testing, and verifying 
complex system performance. 

Finally, the Department should work with (and even possibly provide seed money to) the 
National Science Foundation to establish research and education programs for resilient system 
design in the universities and colleges. 

6.10 STAFF FOR SUCCESS 

IW vulnerability is often due to human error, insufficient training, or lack of knowledge of or 
failure to follow procedures or adhere to policy. This vulnerability represents a gap which cannot 
be closed with technology alone. Currently, capabilities of system and network administrators 
and system managers vary widely. This is partially due to a lack of appropriate training, and 
partially due to the difficulty in use of existing security products and in obtaining information on 
how to configure a system securely. 

A cadre of high-quality, trained professionals with recognized career paths is an essential 
ingredient for defending present and future information systems. It is recommended that research 
be conducted towards the development of techniques, curricula, tools, and technology 
specifically for security-focused training for system and network administrators. Developing 
partnerships with universities, colleges, existing DoD professional development programs, and 
vocational schools for the purpose of curriculum development will be an essential ingredient of 
this process. It will also be important to capitalize on emerging distributed interactive simulation 
technology to provide a realistic, dynamic, operations center-like training environment indicative 
of a real-world IW combat setting. 
The Task Force acknowledges that there are a number of studies and initiatives under way in the 
area of information warfare (defense) training. Included in these is a recent NSTISSC review of 
training which recommended the development of a database of all available INFOSEC training 
courses. NSTISSC has also developed training standards for Systems Administrators, 
Information System Security Officers, and Designated Accreditation Authorities. However, 
efforts throughout the Department do not appear to be well coordinated and there does not appear 
to be a concerted effort to train systems and network administrators properly. 

As shown in Exhibit 6-10, the Task Force recommends establishment of a skill specialty for 
military personnel to enable the formation of a cadre of knowledgeable and experienced 
defensive information warfare specialists. The skill specialty is recommended instead of a career 
path to ensure that operational experience is reflected in the performance of the information 
warfare (defense) duties and to preclude the possible formation of a closed community of 
experts. 

• Systems/network administrators are the first line of defense

- Need a professional cadre, not "other duties as assigned"

- Keep the defenses in good order

- Serve as the "picket line" to sound the warning

• Need IW-D skills and awareness in all functional areas

Action:

- Establish a career path and mandate training and certification of systems and network administrators (USD(P&R) lead)

- Establish a skill specialty for IW-D (USD(P&R) lead)

- Develop specific IW awareness courses with strong focus on operational preparedness in DoD's professional schools (CJCS lead)

Exhibit 6-10. Staff for Success

6.11 RESOLVE THE LEGAL ISSUES

Legal issues can be a distraction from moving on with what can be done. As shown in Exhibit 
6-11, the Task Force found some confusion among the Department's representatives regarding 
the scope of their authority to monitor systems and networks for the purpose of assessing the 
security of the systems and networks. As discussed earlier, the advent of distributed computing 
has and will continue to blur the boundaries of the systems and networks that DoD uses. 
Confusion also stems from uncertainty over when or whether a wiretap approval is needed. All 
DoD system and network administrators should assume that any intrusion is a hostile intrusion 
and take action to minimize the effects of the intrusion and report the intrusion for purposes of 
tactical warning and to obtain necessary protective support, including law enforcement. 
• Issues:

- Defending DoD systems

• DoD has needed authority, but rules must be clarified

- Defending other government and civil systems

• Need government-wide guidance (perhaps legislation)

• Areas to examine include:

- DoD assistance to the private sector (e.g. Computer Security Act)

- Attacker of unknown nationality (intelligence versus U.S. persons)

- Tracking attackers through multiple systems

- Obtaining/requiring reports from the private sector owners and operators of critical infrastructures

Action (General Counsel lead):

- For DoD systems, promulgate:

• Guidance and unequivocal authority for DoD users to monitor, record data, and repel intruders in computer systems for self protection

• Banners that make clear the DoD's presumption that intruders have hostile intent and warn that DoD will take the appropriate response

• IW-D rules of engagement for self-protection (including active response) and civil infrastructure support

- Provide to the Presidential Commission on Critical Infrastructure Protection proposed legislation, regulation, or executive orders for defending other systems

Exhibit 6-11. Resolve the Legal Issues

To lessen the confusion, the SECDEF/DEPSECDEF should direct the General Counsel to 
explore this matter and issue rules of engagement regarding appropriate defensive actions that 
may be taken upon detection of intrusions into and attacks against DoD systems and networks. 
This should include promulgating clear guidance regarding monitoring of systems under DoD 
control and the use of warning banners on these systems. 

The SECDEF/DEPSECDEF should also task the General Counsel to propose legislation, 
regulation, or executive orders as may be needed to make clear the DoD role in defending non- 
DoD systems. This should specifically address the need for changes to the Computer Security 
Act, the capture of information on unidentified intruders (issue of intelligence collection on U.S. 
persons), the authority to conduct "hot pursuit" of intruders, and the ability to obtain reports from 
the operators of critical elements of the civil infrastructure. 

The findings and recommendations developed by the General Counsel should be provided to the 
President's Commission to aid in their deliberation of the legislative and policy initiatives 
required for the protection of the critical infrastructures. 

6.12 PARTICIPATE FULLY IN CRITICAL INFRASTRUCTURE PROTECTION 

Exhibits 6-12-1 through 6-12-4 indicate the Task Force recommendations regarding what DoD 
should offer to, advocate to, request from, and suggest to the President's Commission. Exhibit 
6-12-1 suggests what capabilities DoD might offer to the Commission and the nation in support 
of critical infrastructure protection. The Department should think through and propose to the 
Commission appropriate national defense response and retaliation capabilities in the event of an 
information warfare attack on the critical civil infrastructures, understanding that Defense is not 
the sole element in responding to threats to the national security. 
Action: Offer DoD capabilities to the President's Commission 
(USD(P) and ASD(C3I)): 

- Improve private-sector defenses 

• Transfer R&D, share standards and purchasing power 

• Loan technical and operational expertise to civil agencies and private 
sector 

- Provide IW&TA to private sector 

• Supplement and back up law enforcement and private sector 
capabilities 

• Use IW&TA center as test bed for applicable private-sector techniques 

- Restore service to critical infrastructures 

• Use Federal Response Plan as a model 

• Explore use of Defense MEII and stand-by contracts 

• Use DoD 911 Ops Center to back up private sector capabilities 

• Plan for effective reaction and restoration 

- Response/Retaliation/Deterrence 

• Propose DoD responsibilities 



Exhibit 6-12-1. Participate Fully in Critical Infrastructure Protection 

Exhibit 6-12-2 suggests what DoD interests should be advocated before the Commission. The 
information-age powers for the President are suggested in light of the outdated nature of 
Section 706 of the Communications Act of 1934. This Act is the basis for Federal intervention 
in assuring the operation of the telecommunications infrastructure. Critical infrastructure 
assurance goals can be articulated in a general fashion, but should eventually be based on the 
infrastructure dependency assessments discussed earlier in the report. 



Action: Advocate DoD Interests to the President's Commission 
(USD(P) and ASD(C3I)): 

- Continued clarity of responsibilities of the Commander-in-Chief and 
SECDEF in any policy proposed by the President's Commission 

- Information-age war powers for the President (draft necessary legislation) 

- Critical infrastructure assurance goals 



Exhibit 6-12-2. Participate Fully in Critical Infrastructure Protection 

(Continued) 

In addition there are many international aspects of information warfare that must be addressed as 
the Department formulates a defensive information warfare strategy that will guide DoD operations. 
For example: 

• What international regimes currently address defensive information warfare and, if 
none, what regimes should be created to address defensive information warfare? 

• What agreements must be in place to effectively deal with the threat if 
protect/detect/react capabilities require such activities as countermeasures, tunneling 
through other nations' infrastructures, active monitoring, etc.? 

• What information warfare actions constitute an act of war? 

• How should IW-D concerns be addressed by country teams, defense attaches, and other 
diplomats? What effect do status of forces agreements have on IW-D strategies? 

• Will the U.S. share IW-D technology (similar to President Reagan's proposal of shared 
SDI)? 

• Will there be vilification of certain types of IW attacks (i.e., against health systems)? 

• What are the critical interdependencies with other nations' infrastructures (i.e., European 
financial systems)? 

• Is it possible to coordinate crisis management for information systems of global 
importance? 

Exhibit 6-12-3 shows what DoD needs from the President's Commission. 



Action: Request the President's Commission provide DoD 
(USD(P) and ASD(C3I)): 

- Essential critical infrastructure protection 

- A national-level IW-D structure to include organization and procedures for: 

• IW&TA center, "911" Operations Center, "411" Planning and Coordination Center 

- Coordinated infrastructure design theory, research, principles, and guidelines 

- Incentives and indemnity for private sector participation in IW-D 

- Mechanism to adjudicate the conflicting IW-D equities 

- Consolidation of continuity of government, emergency, and information warfare-defense 
planning 

- Authority for DoD, law enforcement, and intelligence agencies to conduct 
efficient coordinated monitoring of attacks on the critical civilian information 
infrastructure (without knowing the nationality or location of attackers) 
(previously discussed under "Resolve the legal issues") 

- Procedures for DoD to provide assistance to elements of the critical civilian 
information infrastructure when these elements are attacked (previously 
discussed under "Resolve the legal issues") 



Exhibit 6-12-3. Participate Fully in Critical Infrastructure Protection 

(Continued) 

Recognizing the difficulty of defining an appropriate role for the government and the private 
sector in critical infrastructure protection, the Task Force offers these suggested roles which DoD 
could provide to the Commission. These suggestions are based on input to and deliberations by 
the Task Force and individual panels of the Task Force. Exhibit 6-12-4 suggests such roles. 
Action: Suggest IW-D roles for government and the private sector 
to the President's Commission (USD(P) and ASD(C3I)): 

- Government 

• Legislate as necessary 

• Regulate through 

- Establishing infrastructure assurance goals 

- Promulgating best practices 

- Certifying the certifiers 

• Preparedness assessments ("due diligence") 

• Motivate with 

- Regulatory relief 

- Tax incentives 

- Indemnification for assurance 

- Government (Continued) 

• Facilitate 

- Awareness (Informed self-protection, not government sponsored solutions) 

- Dialogue among stakeholders 

- Sharing of sensitive information 

• Threats, vulnerabilities, fixes, tools, techniques, intrusions 

- The "common defense" 

• Research, advice, training, back-up support, registry of knowledgeable personnel 

- Disaster assistance 

• Make use of government and private sector capabilities 

- DoD and other government emergency response teams 

- Commercial emergency response/disaster recovery/business continuity capability in 
each affinity group 

- Information protection practices ("fire brigades") 

- Private Sector 

• Operate and maintain infrastructures 

• Invest in infrastructures and infrastructure protection 

• Share sensitive information within private sector and with government 

Exhibit 6-12-4. Participate Fully in Critical Infrastructure Protection 

(Continued) 
The NSTAC Model for Government-Industry Cooperation 

• Establish necessary programs (e.g., GETS, NTMS, TSPS, CPAS) 

• Share sensitive information (e.g., NSIEs) 

• Exchange general information (e.g., R&D exchange) 

• Review/generate requirements for security stds (e.g., NSSOG, SLG) 

• Conduct risk assessments (e.g., PSN, Electric Power, Finance, 
Transportation) 

• Participate in games and exercises ("The day after..." natural 
disaster exercises, Global games) 

• Enhance awareness of vulnerabilities/threats (Outreach activities) 

• Develop principles/standards for products/services (NIITF ISSB) 

• Coordinate crises operations (NCC) 



Exhibit 6-12-5. Participate Fully in Critical Infrastructure Protection 

(Continued) 

The NSTAC model shown in Exhibit 6-12-5 could serve as a model for refining the roles of 
government and industry as suggested here. Sensitive information includes threats, 
vulnerabilities, intrusions and other incidents, fixes to vulnerabilities, etc. 



Exhibit 6-12-6 suggests a model as a starting point for refining the government and private sector 
roles. 

Exhibit 6-12-6. Possible IW Target Protection Responsibilities 

This exhibit provides another view of how the government and private-sector roles might be 
defined. It also provides the Task Force view of how target protection responsibilities might be 
assigned. The exhibit is not intended to be authoritative, but to provide a construct for discussion 
of the roles of the government and the private sector. 

Some areas are exclusively the responsibility of the owner, while others are exclusively the 
responsibility of government. It is in the areas of shared responsibility between the owner and 
the government where much work must be done to define levels of responsibility. 

6.13 PROVIDE THE RESOURCES 

Resources must be provided if a viable defensive information warfare capability is to be 
achieved. The need has been recognized in part since an INFOSEC special budget issue has been 
submitted each of the past 3 years. The Task Force has developed a rough estimate of the 
resources required to get started. The Department must make a detailed estimate. The resource 
estimates are for resources in addition to those reflected in the proposed FY 97 budget, so some 
reprogramming actions will be required for FY 97. 

The Task Force recommends that the ASD(C3I) develop a detailed plan of action to implement 
the recommendations and a detailed estimate of the resources required. 

• INFOSEC "special budget issue" written past 3 years 

• Rough "get started" estimates provided - 
detailed estimates required 

• Requires 

- Reprogramming FY97 

- Programming FY98 and beyond 

ACTION: 

- Develop a plan and associated budget beginning in FY 97 to 
obtain needed IW-D capability (ASD(C3I) lead) (duplicated 
from 1. Designate an accountable IW focal point) 

Exhibit 6-13-1. Provide the Resources 

Exhibit 6-13-2 shows the estimated resources to implement the key recommendations. These are 
the very rough estimated resources to implement the key recommendations. The Task Force 
reviewed all of the individual recommendations categorized under the key recommendations and 
estimated to $5 million granularity what the implementation costs might be. The figures are the 
totals of the individual recommendations for each key recommendation. These resources are in 
addition to the current Information Systems Security Program and other distributed information 
security costs which in the aggregate total about $1.6 billion annually. The Department should 
perform a more detailed cost estimate. 






Major Recommendations                        FY 97   FY 98   FY 99   FY 00   FY 01   Totals 

 1. Designate IW focal point/staff              ?       ?       5       5       5       25 
 2. Organize for IW-D                           ?       ?     215     185     180      965 
    a. I&W/TA Center                            ?       ?      60      35      30      230 
    b. IW-D Operations Center                   ?       ?       ?       ?      60      275 
    c. Planning & Coordination Ctr              ?      10      10      10      10       45 
    d. Joint Arch/Design Office                25      55      45      50      50      225 
    e. Red Team & Ind. Assessments              ?       ?      50      50      50      240 
 3. Increase awareness                          ?       ?      85     135     135      455 
 4. Assess infra depend's & vuln's              ?       ?       ?       ?       ?       90 
 5. Define threat cond's/responses                          Existing 
 6. Assess IW-D readiness                       ?       5       ?       ?       ?       15 
 7. "Raise the bar" - access control           70      90      10      10      10      190 
 8. Establish and maintain MEII                 ?      50     100     100     100      375 
 9. Focus the R&D                              60      75     125     160     160      580 
10. Staff for success                          35      65      55      50      50      255 
11. Resolve the legal issues                                Existing 
12. Participate fully in CIP                                Existing 
13. Provide the resources                                   Existing 

Totals                                        435     625     615     665       ?     3010 

Dollars in Millions. Cells marked ? are illegible in the source copy. 



Exhibit 6-13-2. Get Started Resources 
SECTION 7 
SUMMARY 



In summary, the Department must tie several factors together, as shown in Exhibit 7-1. 
Exhibit 7-1. Tie It Together 



And the Department must start immediately, as shown in Exhibit 7-2. Although all the 
recommendations are important, the check marks indicate where the Task Force believes 
immediate action will jump-start the process of getting a handle on this challenge. Again, as 
pointed out earlier, the DSB has called for action on these matters in each of the past 3 years. 
✓ 1. Designate an accountable IW focal point 

2. Organize for IW-D 

3. Increase awareness 

4. Assess infrastructure dependencies and vulnerabilities 

5. Define threat conditions and responses 

✓ 6. Assess IW-D readiness 

✓ 7. "Raise the bar" (with high-payoff, low-cost items) 

✓ 8. Establish a minimum essential information infrastructure 

9. Focus the R&D 

10. Staff for success 

11. Resolve the legal issues 

12. Participate fully in critical infrastructure protection 

✓ 13. Provide the resources 

Do it now! 

(DSB has been saying this for 3 years!) 



Exhibit 7-2. And Start Immediately! 



APPENDICES 



Appendices are provided as background and resource information. They do not represent a 
consensus view of the Task Force and recommendations contained in the Appendices are not 
Task Force recommendations to the Department. Some of the appendices were used in part as 
input to the main body of this report. Other appendices are provided because they contain useful 
information for further discussion of matters addressed in the main body of the report. 
THREAT ASSESSMENT 



A.1 THE REALITY OF THE PROBLEM 

Advances in the information infrastructure and the [illegible] of government itself on that 
infrastructure raise [illegible] by the National Communications System [illegible] concluded that a 
[illegible] depends on reliable [illegible] or hostile agents. 

Since those reports were written, use of networks [illegible] of the economy at large and in the 
government [illegible]. This growing [illegible] Department of Defense (DoD) [illegible] of 
vulnerabilities in [illegible] the information systems procured by DoD. [illegible] Consider these 
examples as additional input: 
US Dependence on Information Systems 

Industry increasingly reliant on communications infrastructures 

- Internet presence as of May 1994 (Internet info as quoted in the Computer Security Journal): 
Exxon had 261 registered networks; GTE had 228 registered networks; Boeing had 139 
registered networks; [illegible] had [illegible] registered networks; 
Lockheed had 62 registered networks 

- "The number of users who have access to the Internet within companies is 
growing at a rate of 10% every six months." EDP Weekly, by Computer Age, 6 Nov 95. 

Governmental Structure of the US dependent on a tenuously 
secured communications infrastructure 

- One switch handles all federal funds transfers and transactions 

DoD information infrastructure is enmeshed 

- with other Governmental structures and industry and private citizens 
through shared resources of the electrical grid, telecommunications, and the 
Internet 



Trends 

On-line services are a $9.6B industry growing at 100% CGR 

US Financial Institutions 

- transfer more than $1 trillion every day via computer 

- Federal Reserve System handles more than 24,000 wire transfers per day 

- [illegible] City Paper, Vol 4, No 34, Aug 1994, pp 8-9 

Intel Chairman Andy Grove predicts that by the end of this 
decade, PC sales will surpass 100 million units worldwide - more 
than sales of cars or TVs. 

- [author illegible], "Small Com[illegible]", IEEE Spectrum, [date illegible], p. 44 

By 1993, 32.7% of US households had a personal computer 

- [source illegible], CMU 

12 million copies of Microsoft Office have been distributed 
worldwide as of December 1995 

- Microsoft Corporation Annual Report, 1995 



A.2 ASSESSMENT OF THE THREAT 

In today's information intensive environment, the information warfare threat can come in many 
forms. The challenge in evaluating that threat, and the appropriate level of [illegible] 
response, has been in sorting out the actual from the perceived, and determining the potential for 
[illegible]. In order to adequately assess this threat, the Task Force divided the subject 
into three categories: 

• What is known— the validated threat. 

• What is suspected— trends, indications, and the assessment process. 

• What is unknown— potential events based on existing capabilities. 

These threats to the National and Defense Information Infrastructures vary greatly in terms of 
intent, sophistication, technical means, and potential impact. The threats can be categorized into 
the following groups: 



• Incompetent, inquisitive or unintentional blunderer; mischief makers and pranksters. 

• Hackers driven by technical challenge. 

• Disgruntled employee, unhappy customer intent on seeking revenge for some perceived 
wrong. 

• A crook interested in personal financial gain or stealing services. 

• Major organized crime operation interested in financial gain or in covering their crimes. 

• Individual political dissident attempting to draw attention to a cause. 

• Organized terrorist group or nation state trying to influence U.S. policy by isolated 
attacks. 

• Foreign espionage agents seeking to exploit information for economic, political, or 
military intelligence purposes. 

• Tactical countermeasure intended to disrupt specific U.S. military weapon or command 
system. 

• Multi-faceted tactical IW capability applied in a broad orchestrated manner to disrupt a 
major U.S. military mission. 

• Large organized group or major nation-state intent on overthrowing the U.S. by crippling 
the National Information Infrastructure. 

Based on validated incidents, some of these threats clearly exist today. Others are less certain, 
but can be estimated based on available technology and analysis of continuing trends in 
development. An estimate of the likelihood for each of these threat categories is shown below. 

IW Threat Estimate (chart; likelihood categories: Validated Existence; Existence Likely but 
not Validated; Beyond 2005; Widespread) 



The information throughout this Appendix was compiled from unclassified sources and briefings 
received by the DSB from subject matter experts within the Department of Defense, and 
throughout the civilian sector. 

A.3 THE VALIDATED THREAT 

IW-related incidents date back to the mid 1980s with the growth of personal computers on a 
worldwide scale. 





IW-Related Incidents 

• Hanover Hackers.                                                 late 1980s 

• Software time bombs in Public Network switches in 
  Denver, Atlanta, and New Jersey.                                 mid-1989 

• Dutch teenagers intrusion into Pentagon computers 
  during the Gulf War.                                             Nov 1991 

• Rome Labs INTERNET intrusions.                                   Apr 1994 

• Organized crime attack on Citibank.                              Aug 1994 

• INTERNET Liberation Front: 22-man group; 
  4 currently indicted.                                            Dec 1994 

• Numerous other hackers apprehended and awaiting 
  prosecution (e.g. Mitnick, Poulsen).                             Ongoing 

• Sniffer programs found on all major INTERNET providers. 

• MCI Communications switch penetrations. 

• USAF Captain hacks into U.S. Atlantic Fleet ship 
  computers as a test of system vulnerability.                     Sep 1995 

There Really Is A Smoking Gun 









The well known case involving the Hanover Hackers is one of the first recorded incidents and is 
considered to be an example of hacker activity performed for the challenge of gaining entry into 
someone else's system, without malicious intent. 

Although most Public Network (PN) attacks are aimed at accessing other systems, or avoiding 
toll charges, the software time bomb attacks indicate that denial of service was the objective. 
(Note: References are at Attachment 1 to this Appendix). In the case involving Dutch teenagers, 
sensitive information related to U.S. war operations during Desert Storm was modified or copied. 
Access techniques used in this case included INTERNET and other networks. The Rome Labs 
incident is another highly publicized case which eventually revealed that over 150 INTERNET 
intrusions had occurred between 23 March and 16 April 1994. The intrusions were 
accomplished by a 16-year-old British hacker and an unknown accomplice. Several research 
programs and systems were compromised through the use of Trojan Horses and Network 
Sniffers. The individual was eventually apprehended by Scotland Yard, and is awaiting 
prosecution. 

In the 1994 attack on Citibank, an international crime group used the electronic transfer system 
and the international phone network to gain access and transfer approximately $12M to their own 
accounts. Prosecution of individuals apprehended in Russia and several European countries is 
pending at this time. In December 1994, a group known as the INTERNET Liberation Front 
was charged with stealing phone net data, performing INTERNET attacks for money, and 
development of highly sophisticated attack tools. Numerous phone, [illegible], and 
INTERNET providers were attacked, including some government systems. There is a 
real international component to their activity based on [illegible] 
countries. The MCI incident involved an engineer who electronically collected 60,000 calling 
card numbers and sold them to an international crime ring. To accomplish this task, the 
individual penetrated several barriers which could have shut down the switch for a prolonged 
period. 

A final example is a case involving a programmed test of electronic systems vulnerabilities. An 
officer remotely entered the command and control system of a ship at sea, through use of 
a standard computer, INTERNET connection, and the E-mail system onboard the ship. 
[illegible] ship navigational control systems which could have affected ship performance 
or response to guidance commands. 

The cases listed here are certainly not an all-inclusive list. They do support an alarming trend 
toward widespread vulnerability on a case by case basis. The major concern involves what the 
potential [illegible] would be if these types of attacks were coordinated to occur simultaneously, or 
if the tools and techniques used were applied with a more subversive intent. 

A.4 THE SUSPECTED THREAT - AND THE ASSESSMENT PROCESS 

In order to more clearly identify the suspected threat, the Task Force considered a variety of 
sources for analytical support, and paid particular attention to some of the more detailed threat 
and vulnerability assessments accomplished within the last year. 

The Defense Information Systems Agency (DISA) conducted an extensive vulnerability 
assessment of government network systems in 1994 and 1995. A summary of the DISA focus 
and findings is shown below: 

IW Assessments - DISA Report 

"Developing the Information Warfare Defense: A DISA Perspective" [remainder of citation illegible] 

Focus: 

• DISA ability to support defensive information warfare (DIW) 
initiatives. 

• Assessment of vulnerabilities. 

Findings: 

• DISA is organized to effectively support DIW initiatives, but lacks 
personnel and funding in many key areas. 

• It is estimated that DoD is attacked about 250,000 times per year, 
but only 1 in 500 attacks are detected and reported. 

- DISA assessment verified that less than 5% of all attacks are 
ever detected, and of those, less than 3% are reported. 

• Most damaging attacks come from insiders, but hacker tools 
commonly available on the Internet are capable of intruding on 
a majority of DoD systems. 
The result of this report was an increased awareness of a growing problem, but the initial actions 
were [illegible] focused on security awareness training, and increased training for Local Area 
[illegible] managers. Indications from DISA are that numbers of reported attacks remain at 
single digit percentage levels, and the problem continues to grow. 

At the request of Congress, the General Accounting Office (GAO) conducted an assessment, 
with the Report published in June, 1996. A summary of the GAO focus, findings, and 
recommendations is shown below: 

IW Assessments - GAO Report 

Information Security: Computer Attacks at Department of Defense Pose Increasing Risks, [date illegible] 

Focus: 

• Potential for further damage to DoD computer systems. 

• Challenges DoD faces in securing sensitive information on its computer systems. 

Findings: 

• DoD relies on a complex information infrastructure to design [illegible], [illegible], 
pay soldiers, mobilize reservists, and manage [illegible]. 

• [illegible] enhance communication and information [illegible] 
DoD exposure to attack. 

• DoD information is unclassified, but it is sensitive, and should be protected. 

• DISA estimates that DoD is attacked about 250,000 times per year, but only 1 in 500 
[illegible]. 

• [illegible] systems and shut down entire systems and networks. 

• [illegible] responding to incidents, or assessing damage. 

(Continued on next slide) 

Recommendations: 

• Develop departmentwide policies for preventing, detecting, and responding to 
attacks, mandating the following: 

- Report all security incidents within the Department. 

- Perform risk assessments routinely. 

- Correct vulnerabilities and deficiencies expeditiously. 

- Expeditiously assess damage from intrusions to insure integrity of data and 
systems compromised. 

• Require military services and Defense agencies to use [illegible] 
mechanisms to increase awareness and accountability. 

• Require trained information system security officers at all installations. 

• Continue developing and cost-effectively using departmentwide network 
monitoring and protection technologies. 

• [illegible] incident response capabilities within [illegible] 
the Defense agencies to ensure that they are sufficient to handle the projected 
[illegible]. 

• The Secretary should assign clear responsibility and accountability within OSD, 
[illegible], and Defense agencies for ensuring 
implementation of this computer security program. 

Results of this report have been forwarded to the Senate Armed Services Committee and House 
Committee on National Security; the Senate Committee on Appropriations, Subcommittee on 
Defense, and the House Committee on Appropriations, Subcommittee on National Security; the 
Senate Select Committee on Intelligence and the Permanent Select Committee on Intelligence; 
the Secretary of Defense; the secretaries of the military services; and the Director, Defense 
Information Systems Agency. 

The report concludes that there are significant risks based on these findings: 

• Defense cannot locate or deliver supplies promptly without properly functioning 
inventory and logistics systems. 

• Defense relies heavily on computer technology, especially a network of simulators that 
emulate complex battle situations, to train staff. 

• It is impossible to pay, assign, move, or track people without globally networked 
information systems. 

• Defense cannot control costs, pay vendors, let or track contracts, allocate or release funds, 
or report on activities without automation. 

• Defense systems handle billions of dollars in financial transactions for pay, contract 
reimbursement, and economic commerce. 

According to the FBI and Defense Investigative Service (DIS), high technology and 
defense-related industries remain the primary targets of foreign economic intelligence collection 
operations. This finding continues a trend reported in the 1995 Annual Report. The most likely 
industry targets of economic espionage and other collection activities during the past year include 
the following areas, most of which are included on the 1996 Military Critical Technology List 
(MCTL): 

• Advanced materials and coatings 

• Advanced transportation and engine technology 

• Aeronautics systems 

• Aerospace 

• Armaments and energetic materials 

• Biotechnology 

• Chemical and biological systems 

• Computer software and hardware 

• Defense and armaments technology 

• Directed and kinetic energy systems 

• Electronics 

• Energy research 

• Guidance, navigation, and vehicle control 

• Information systems 

• Information warfare 

• Manufacturing processes 

• Marine systems 

• Materials 

• Nuclear systems 

• Semiconductors 

• Sensors and lasers 

• Signature control 

• Space systems 

• Telecommunications 

• Weapons effects and countermeasures. 



According to a DIS summary of suspicious contacts reported in FY95, entities associated with 26 
foreign countries displayed an interest in 16 of 18 technology categories listed in the new MCTL. 
The U.S. considers all of the above industries to be strategically important because they produce 
classified products for the government, produce dual-use technology used in both the public and 
private sectors, or are responsible for the leading-edge technologies required to maintain U.S. 
economic security. 

FBI Director Freeh provided the following five examples of foreign targeting activities in his 28 
February 1996 statement before the Senate Judiciary and Intelligence Committees: 

• One foreign government controlled corporation targeted U.S. proprietary business 
documents and information from U.S. telecommunications competitors. 

• Another foreign competitor acquired the technical specifications from a U.S. automotive 
manufacturer. 

• In violation of U.S. export laws, a foreign company attempted to acquire a U.S. 
company's restricted radar technology. 

• Several U.S. companies reported the targeting and acquisition of proprietary 
biotechnology information. 

• One U.S. company reported the foreign theft of its manufacturing technology regarding 
its microprocessors. 



Types of U.S. government economic information (pre-publication or unpublished "insider" 
data) of special interest to governments and intelligence services include: 

• Bid proposals 

• Economic, trade, and financial agreements 

• Energy policies 

• Marketing plans 

• Price structuring 

• Proposed legislation affecting the profitability of foreign firms operating in the U.S. 

• Tax and other monetary policies 

• Technology transfer and munitions control regulations 

• Trade developments. 

Three additional case studies were reviewed by the Task Force involving a port 
city, a rail traffic control center, and a 1996 Federal Aviation Administration (FAA) vulnerability 
assessment. A summary of the findings: 

• Port City Assessment: 

- Identified single point of failure for infrastructures supporting 
military mobilization and deployment 

• Rail Traffic Control Center Assessment: 

- Central control switching facility for east coast rail traffic. 

- Potential contributor to problems resulting in fatal Maryland 
rail collision of AMTRAK and MARC trains in fall of 1995. 

• FAA Assessment: 

- Not vulnerable today due to antiquated systems, limited 
networking, and proprietary software. 

- Upgrades will lead to vulnerabilities due to widespread use 
of COTS technologies and increased networking. 



Details of the assessment which could impact deployment of units and follow-on forces which 
rely on transport out of the port terminal region are provided in Reference 13. Investigation of 
the AMTRAK - MARC collision indicated human error, but vulnerabilities were detected in the 
control center, making it a potential single point of failure for exploitation. The FAA 
assessment, provided in briefing form to the Task Force in June, 1996, concluded that even 
though vulnerabilities were likely to grow, financial realities restricted the ability to plan 
protective measures into proposed upgrades — until mandated, or in worst case, following a major 
incident. 

A.5 ARE WE AWAITING AN ELECTRONIC PEARL HARBOR? 

The trends seen in development of intrusive tools on the INTERNET, growth in hacker activity, 
and related incidents cause further concern. A summary of recent trends is given below: 

IW Trends 

• Open availability of intrusion tools. 

- SATAN made available to the public, April 1995. 

- Rootkit: Recently available, used to mask intrusions. 

• Continued growth of hacker activity: 

- Masters of Deception: Programmed attacks on phone companies. 

- Legion of Doom: Phone switching/billing, and credit card abuses. 

- Poulsen/Mitnick/Shadowhawk: Phone, system access, computer 
code abuses. 

- 5 hacker group break-in of computers at University of Washington, 
Bank of America, ITT, and Martin Marietta, (1993). 

- Operation Moon Angel: Federal agents arrest 74 hackers 
nationwide for unauthorized entry into business and government 
computers (April 1995). 

• Continued growth in reported computer crimes: 

- Academy of Criminal Justice Sciences Study indicates that 98.5% 
of participating businesses had been victims of computer theft or 
attempted theft. 

• Cell phone cloning 

• Terrorist acts: World Trade Center Bombing. 

Tools: The NSTAC Assessment of Risk to Security of Public Networks reported in February, 
1996 that SATAN, the Security Administrator Tool for Analyzing Networks, scans and reports 
system vulnerabilities, which if improperly used, could enable system attacks. It was made 
openly available on the INTERNET in April, 1995. The report also identifies Rootkit as a tool 
which falsifies data, making detection of intrusion difficult even with state-of-the-art technology 
(the UNIX rootkits of this period replaced system utilities such as ps, ls and netstat with 
trojaned copies that hide the intruder's processes, files and connections from the administrator). 
Rootkit is also openly available on the INTERNET. 

Hacker growth: Additional case study information is provided at Attachment 1 for the first three 
listings. In the case of the 5-hacker group, one raid wiped out data on the Learning Link, a NYC 
public television station computer serving hundreds of schools. The Moon Angel offenses 
included breaking into NASA computers controlling the Hubble telescope, and rerouting calls 
from the White House. 

In October, 1995 New York officials made arrests in what was declared the largest cell phone 
cloning operation in the country. Estimates are that over 27,000 phones were cloned within a 
seven month period at an estimated loss of $1.5M per day in cell phone revenue nationwide. 

Finally, consider the World Trade Center bombing as a case which might be a good example of 
physical versus virtual attack: twin towers, 110-story buildings; 50,000 workers and 80,000 
visitors daily vs. global marketplace nerve center, many City/State/Federal offices, several 
international offices, $3M phone switch station, telecom for Wall Street to the world. 

These trends are cause for a growing concern — the unknown threat, and the potential for an 
attack having strategic significance. 

A.6 THE UNKNOWN THREAT - POTENTIAL EVENTS BASED ON EXISTING 
CAPABILITIES (THE DEVELOPMENT OF A STRATEGIC THREAT) 

Existing, easily acquired capabilities make the potential for an attack having strategic 
significance a reality. The most common capabilities for IW-related attacks are, by themselves, 
often seen as more of a localized nuisance, rather than a strategic threat. When applied in a 
coordinated attack, however, the results are far more widespread. Consider the Nth order effects 
in the following example from Col Charles Dunlap's essay, "How We Lost the High-Tech War 
of 2007", published in The Weekly Standard, January 29, 1996: 

The Setting: (The year 2007): 

• Downsizing and cuts in military infrastructure are "off-set" by information technology. 

• COTS technology used widely by U.S. and her adversaries. 

• Open architecture provides information equality - not information dominance. U.S. 
insistence on open architecture leaves sources of information readily available to 
opponents - News media is a particularly valuable source. 

• Warfare has become even more savage - not cleaner, more high-tech. Televised atrocities 
and deaths of U.S. troops become a tool of adversaries to sway public opinion. 

The Indirect Attack - U.S. C2-Protect efforts are successful in countering direct attack - 
leading adversary to indirect attack with many Nth order effects: 
• Mexican economy attacked - computers corrupted on a massive scale 

• Counterfeit electronic pesos flood Mexican bank accounts 

• Hyperinflation; economy collapses 

• Refugees flood into U.S. 

• Call for troops to be brought home to face domestic situation. 

The technologies required to perform these types of attack are available today. The issue of 
whether or not they comprise a strategic threat is more a matter of coordinated timing. Some may 
come in the form of a simple attack on a target identified as a single point of failure: 

[Figure: Simple Attack. Vertical axis: Scale of Impact From Attack; horizontal axis: Relative 
Ease with which Attack Could be Done (Ease of Attack, from Easy).] 
A more complex, coordinated attack takes on a multi-dimensional nature: 

In either of these cases, the timing of the attack is what in fact may have made it strategic in 
nature. Consider the port city example: 



• A power outage, communications failure, or road/rail disruption would be an 
inconvenience to citizens on an average day. 

• However, these same incidents coordinated to occur at the peak of Desert Storm 
deployment could easily have constituted a strategic threat which would have altered 
arrival of troops and equipment which played a critical part in the outcome of the war. 

• Combine these with the previous examples of attacks on Pentagon computers, Rome Lab, 
Citibank, and the MCI switch, and the result is widespread loss of confidence in the 
government's ability to respond to problems both at home and abroad. 

To demonstrate the relative ease of achieving an IW capability, the Threat Panel prepared the 
following table: 
As an example of a country heavily involved with developing its own capability, consider 
Russia. Of the 15 categories listed, Russia has a significant capability in seven categories, and a 
good capability in four (total: 11 of 15). These developments continue, even in the face of 
widespread economic difficulties. More importantly, almost any nation is capable of developing 
significant Information Warfare capabilities. Unlike nuclear capabilities, however, IW is 
relatively inexpensive, and quick to obtain, given the volume of available markets. Thus, a 
country such as Iran could acquire a strategic capability to threaten the United States without 
requiring a significant investment, or a long-term development cycle. 
A.7 THREAT CONCLUSION 



In order to best understand the significance of a potential IW threat, we must consider the often 
opposing views of information security between the private/commercial sector, and the national 
security view: 



Merging Two Views On Information Security Into One 

(Concept expressed in NSA briefing "Creating Information Superiority for the 21st Century", presented 
by Minihan at NSTAC session, May 1996) 

National Security View: 

• Protection of infonnation has intrinsic value - National interest 

• Cost of compromise difficult to quantify - can be life threatening. 

• Risk avoidance approach is traditional response. 

Private Sector / Commercial View: 

• Cost of doing business - pass the expense on to the customer. 

• Countermeasures have a definite expected value. 

• "Insurance" approach is the traditional response. 

National and Private Sector Information Security Are Now Inexorably 
Intertwined: 

• Zone of cooperation is emerging. 

• Risk management approach is needed. 



Strategic Sanctuary Is At Risk 



The private sector has viewed IW as a cost of doing business that was often passed on to the 
customer. The national focus still struggles with the concept of what constitutes a strategic 
threat. The response has been to avoid risk rather than manage and anticipate it. A zone of 
cooperation is now emerging which must be better defined: 

• Where do protection, detection, and response responsibilities lie? 

• Risk management rather than risk avoidance is a critical step. 

These issues are at the heart of the defensive information warfare issues. 
APPENDIX B 
INTELLIGENCE EXPLOITATION ARCHITECTURE 



[...] Intelligence communities. Several consistent themes [...] the "Peace Dividend," [...] in which 
we live, the changes in threats to [...], and our concomitant expanded global interests [...] has 
become a precious commodity to the U.S. [...] optimized for yesteryear. Even though we [...] 
analytic and information integration capabilities optimized [...] need specific intelligence collects 
in a number of [...], such as from networked systems such as the INTERNET and other [...], often 
horizontal, [...] that we do [...] effectively exploit all of the data to which [...] in analytic 
resources increase the [...] our information processing [...] set of problems. 

Issues relating to Intelligence Community [...] processes, strengthened IC Issue Management [...] 
strategies, and developing areas of IC business [...] the larger number of [...] proposed. 

The Director of Central Intelligence, in concert with the Secretary of Defense, should create a 
"New Vision" for intelligence [...] which would lead to the [National Intelligence Exploitation] 
Architecture which, over time, would [...] the [...] Community. 

Why do we need this New Vision? Because [our existing systems were] conceived and built 
during a period in which [...] implemented; and thus [...] with characteristics such as: 

• known geography and political boundaries 

• known [...] entities, forces, units, etc. 

• known [...] evolving military capabilities 

• known goals and objectives 

• known cultures and ethics 

• parametric and other signature characteristics known to and largely exploitable by our [...] 

• well-established databases, data dictionaries and processing techniques to 
exploit and analyze observables. 

In relative terms, this was a fairly static target set for many years. 

Our world has changed [...]. [...] for globally based intelligence [...] exploitation of open sources 
and networks in a [...]. However, IC access [...] addressed as part of the NIEA. 

It is estimated that the National Intelligence [...] budget for advanced computational 
technologies alone. 

[...] architecture over the next decade. Why would we wish to do so? 

First, our dramatically changed world has been [...] time. 

Second, hardware and software technology [...] open systems that have a high degree of 
interoperability [...] processing requirements [...] advantage of rapidly developing technologies. 

Third, the NFIP is [spending] (or has budgeted) a larger amount on information technology per 
year, but [...] there is neither a coherent architecture, nor [...] 

[...] IT development activities occurring in the IC. Surely [...] framework [...] where we need to 
be in the 21st century. These should continue, but in the [...] development activity as proposed 
[...] 

How would this work? The "New Vision" [...] by enforced building codes (standards, [...]) [...] 
activities would be parsed to specific [agencies] [...] process and the [...], by the experience of, 
for example, DoD's experience in [...] development of the GCCS. [...] a center of excellence for 
a [...] framework of the architecture to [...] agencies. Let's take but a few examples: 

• Text processing is crucial to us all. [...] CIA and NSA arguably have the preponderant IC 
capability and interest. Each of them [...] text processing capabilities which would build [...] 
and thence the 21st century capabilities we need [...] information. CIA, for instance, might be 
asked to concentrate on data [...] large amounts [...] 

• Image processing in all of its [...] cell. Thus the new National [...] to handle the huge [...] 
developing the technology. [...] must lay the groundwork today for that future. 

• [DIA] might logically [...] integration of systems and [...]; these include decision aids, [...] 
intelligence and support a collaborative community of effort. 

In each of these cases, there would be strong emphasis on exploiting and integrating technology 
from the private sector as [...]. [...] and Salomon Brothers are but two firms investing hundreds 
[of millions of dollars] in advanced information technology. We need to assess where the private 
sector [...] research and development so as to leverage those developments and conserve our 
[...] to DoD needs and for integration of commercial technologies. 
Over time the IC could develop a series of interoperable systems which would be less expensive 
and more powerful by several orders of magnitude for the 21st century, than if we proceed during 
the next decade in the same mode as the last decade. 

The Intelligence Community will have to change in response to the NIEA. Carrying out the 
initiative may require a more highly centralized focus on information systems that are both 
within individual organizations and across the IC as a whole. Long-debated plans for Central 
Information Services Offices may have to be implemented to create the budgetary resources and 
organizational authority needed to guide an internal information revolution. A Central 
Information Council may be needed at the SECDEF/DCI level (perhaps to include other 
government agencies) to establish policy and to guide the IC to focus on common interests. 
Whatever organizational reforms are taken to ensure the success of the initiative, change will be 
needed to break down resistance to change, shift established patterns of investment, and enforce 
a high degree of cooperation and interoperability. 

• Investments in information systems must be shifted from operations and 
maintenance of existing, slowly-evolving systems to the development of more powerful 
and adaptable systems that are the focus of the initiative. 

• Higher levels of cooperation and coordination between the collection, exploitation and 
analytical communities are needed to support the dynamic, uninhibited research 
environment envisioned in the initiative. 

• An unconstrained research environment will break down the isolation of analysts from 
each other and the policymakers and encourage the integration of military, economic, 
ethnic, political and technological factors in analysis. Analysis standards must be 
established and enforced throughout the IC to avoid "tabloid" intelligence reporting and 
to ensure the presentation of sound, but divergent views. 

The most difficult part is to make the decision: to commit to a road map of information 
technology which will become the exploitation and analysis meta system (or system of systems) 
of the 21st century. The target environment is an integrated, yet highly distributed, 
heterogeneous IT infrastructure which, over time, will permit an individual in the Intelligence 
or Defense Communities to query this information environment (much as can be done today on 
the INTERNET). The responses would be relevance ranked and presented in a contextual 
framework pertinent to that particular user. Thus, military commanders/CINCs, acquisition 
managers, intelligence analysts and a myriad of other users could gain access to the most 
comprehensive and broadly based information and intelligence available. Surely security is both 
an issue and a potential problem. Keep in mind that we are talking about the system for the 21st 
century and many of the security issues of today will be resolved either procedurally (a la the 
Joint Security Commission Report) or technically through protective hardware and software. 
Figure 1 illustrates the concept whereby an individual seeking information "goes fishing in the 
sea of data." The system would understand some of the context from which the query was made, 
and as the user asked additional and clarifying questions, the system builds more and more 
[...] people use their phone or credit cards. 

[Figure 1. What the User Needs: an easy capability to extract information related to his problem 
from the mass of data (national and otherwise) available on distributed problem solving networks.] 


Figure 2 illustrates the distributed nature of the component systems. They could be spread across 
Washington, the country, or the world. The key is that, like the INTERNET, the user does not 
have to know where information is stored in order to retrieve it! His query will seek data through 
the network of servers/routers/switches that dynamically interface the systems. Although today's 
INTELINK is a significant improvement over a couple of years ago in accessing intelligence 
from remote, distributed agencies and commands, it relies on pre-identified and indexed 
intelligence. What we need for the future is a system that aids the user in finding "unknown" 
information. 



[Figure 2. An Integrated Architecture: component systems distributed across Agencies/Commands.] 



Figure 3 shows how an integrated interactive multi-media workstation would have (or access) 
decision aids, correlation and fusion aids and visualization tools to provide the user the most 
pertinent and timely information. There is no intent to create and keep current monolithic data 
bases from which searches would be made. Data bases, as we currently know them, are 
necessary but hardly sufficient for our 21st century purposes. More about that shortly. 



[Figure 3. Concept for an Integrated Interactive Multimedia Distributed Exploitation and Analysis 
Network: Generic Information Integration System; Knowledge.] 



A powerful aspect of this proposed National Intelligence Exploitation Architecture is that this 
identical infrastructure could support all of DoD, or all of the government. The tools, techniques, 
technology and integration required to build and implement this system need only to provide 
access to the data sources others might need to serve all of DoD or all of Government. Surely 
there would be requirements for domain specific tools, decision aids and presentation unique or 
nearly unique to particular user communities. But the underlying infrastructure would be as 
widely applicable and robust for all, as is the INTERNET today and tomorrow. There is within 
the DoD a Common Operating Environment (COE), used principally as the core of the GCCS 
and some other C2 systems. This may offer a starting point, a building block, from which to 
design the NIEA. 
Surely many of the issues associated with the successful implementation of this architecture seem 
intractable today. A great deal of technology R&D and technical development must be 
accomplished and integrated over time to achieve these goals. This is a journey we believe is 
absolutely essential. Our existing "stovepipe" systems were built with old technologies under 
different paradigms. We have a new world, and a new paradigm for sharing information — most 
of which will now be unformatted, in contrast to most information in existing intelligence data 
bases. 

Most of the existing analytical support systems in use today deal with three major types of 
information in various storage sizes (e.g., megabytes to terabytes). The information types are: 

• Fixed-format database - file, record, field with predefined field sizes and attribute names. 
Collected data which cannot be fitted within the existing data definition must be 
discarded, since there is no way to store and retrieve it. 

• Free-form text databases - unformatted messages, open source materials, etc. 

• Pictorial or graphic databases - graphics, imagery, etc. (Note: these are largely still 
images, with limited animation or video.) 

Enormous effort has gone into developing automated systems to support filing collected 
information into one of these types such that it can be queried, retrieved, and disseminated using 
existing (circa 1980) indexing and database technology. The "New World Order" and the 
emergence of new database types such as analog and digital video, voice, and new National 
collection capabilities are generating a need for tools and techniques for dealing with extremely 
large data vaults. 

The term data vault describes a repository of data or information in a multiplicity of formats: 
Boolean, single character, character string, or numeric fields; free-form text; and "blobs" (Blocks 
of Bytes). Blobs can contain images, digitized audio, video, etc. Dealing with data vaults of the 
magnitude which we can now collect will require substantial innovation in relational and/or object 
oriented database storage, indexing, and retrieval. The capabilities that are needed are: 

• High speed, high volume storage and retrieval, including fully automated stuffing of 
formatted databases from text messages and packed parameterized data streams. 

• Automated means of storing, indexing and accessing blobs of non-textual materials 
(graphics, imagery, video, etc.) by content. 

• High speed data transmission of the contents of entire data vaults or subsets thereof. 

• Super high performance object database systems. Automatic format recognition and 
transformation. (Simple example: PICT to TARGA and the reverse. More complex 
examples: Rembrandt or PictureTel to Fractal or DVI and reverse. Model 204 to SQL 
and back.) 

• "Profiling" of non-textual materials better than the way we now do text and messages. 



• Fully automated formation of hyperlinks. 

• Case-frame or concept-based retrieval. 

• Intelligent User Assistance Agents ("knowbots"). 

• Self Organizing databases (especially text, imagery, video, etc.). 

• Superior query techniques for sporadic users who are not (and do not have time to 
become) data retrieval specialists (see next section). 

• All of this within a secure environment (classified and unclassified). 
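To make the last two requirements concrete (content-based retrieval with relevance ranking, inside an environment that holds both classified and unclassified material), the following Python example is added here by the editor; it is not code from the report or from any IC system. It assumes a small constructed data vault of formatted, free-text and blob records, each carrying a classification label, and a constructed clearance ordering without compartments; the scoring is ordinary TF-IDF. The security point it demonstrates is ordering: the clearance check runs before ranking, and term statistics are computed only over the records the user may see, so that neither the number of hits nor the scores reveal anything about records above the user's clearance.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# Assumed (constructed) clearance ordering; real labels also carry compartments.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Record:
    id: str
    kind: str      # "formatted", "text" or "blob"
    label: str     # classification label of this record
    text: str      # searchable text; for a blob this is its extracted profile/metadata
    fields: dict = field(default_factory=dict)  # formatted-record fields or blob metadata


@dataclass(frozen=True)
class Hit:
    id: str
    kind: str
    label: str
    score: float


def tokens(s: str) -> list[str]:
    return re.findall(r"[a-z0-9]+", s.lower())


class DataVault:
    """Mixed-format store with mandatory access control applied ahead of ranking."""

    def __init__(self, records):
        self.records = list(records)
        self.tf = {r.id: Counter(tokens(r.text)) for r in self.records}

    def visible(self, clearance: str) -> list[Record]:
        # MAC check: any record above the user's clearance is dropped here,
        # before any term statistics or scores are computed.
        level = LEVELS[clearance]
        return [r for r in self.records if LEVELS[r.label] <= level]

    def query(self, q: str, clearance: str, k: int = 5) -> list[Hit]:
        pool = self.visible(clearance)
        n = len(pool)
        # IDF over the visible pool only: statistics drawn from the whole vault
        # would leak how often a term occurs in records the user cannot see.
        df = Counter()
        for r in pool:
            df.update(self.tf[r.id].keys())
        idf = {t: math.log((1 + n) / (1 + d)) + 1.0 for t, d in df.items()}
        q_tokens = tokens(q)
        hits = []
        for r in pool:
            c = self.tf[r.id]
            score = sum(idf.get(t, 0.0) * c[t] for t in q_tokens)
            if score > 0:
                # length-normalised so long records do not dominate the ranking
                hits.append(Hit(r.id, r.kind, r.label, score / math.sqrt(sum(c.values()))))
        hits.sort(key=lambda h: (-h.score, h.id))
        return hits[:k]


# Constructed sample records (not from the report).
SAMPLE_RECORDS = [
    Record("r1", "formatted", "UNCLASSIFIED",
           "Port city facility record: rail yard, power substation, control tower",
           {"facility_type": "port"}),
    Record("r2", "text", "UNCLASSIFIED",
           "Open source report on the 1995 Maryland rail collision near the control center"),
    Record("r3", "blob", "SECRET",
           "Imagery profile: port terminal cranes and staging area during mobilization",
           {"format": "TARGA", "bytes": 2_400_000}),
    Record("r4", "formatted", "CONFIDENTIAL",
           "Telecommunications switch assessed as a single point of failure for the port city",
           {"asset": "switch"}),
    Record("r5", "text", "TOP SECRET",
           "Collection tasking against the port city rail control center"),
]


def ranked_ids(q: str, clearance: str) -> list[str]:
    """Record ids returned for a query, best match first, for a user at `clearance`."""
    return [h.id for h in DataVault(SAMPLE_RECORDS).query(q, clearance)]


if __name__ == "__main__":
    for clearance in ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET"):
        print(clearance, ranked_ids("port city single point of failure", clearance))
```

An UNCLASSIFIED user asking about the port city's single point of failure sees only the unclassified facility record; the same query from a SECRET user ranks the CONFIDENTIAL switch assessment first and the SECRET imagery blob after it, while the TOP SECRET tasking record never appears in either result set and never influences the scores.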

There are a number of systems under development which may attack some of these issues. For 
example, EOSDIS will collect, store and make accessible on the order of terabytes a day. 

Refer back to Figure 1 which illustrates the capability needed for the user in response to the 
explosion of dissimilar information to which we have and need access and understanding. The 
technologies cited above can be referred to as those necessary to provide Distributed Problem 
Solving (DPS) capabilities to intelligence analysts and others. 

While we attempt to attack the multi-source correlation and fusion problem with automation, 
we often overlook the finest and fastest correlation system available: the human eye, ear, and 
brain. Further, almost since the beginning of application of ADP technology to intelligence 
problems, analysts have asked for a "smart map." 

The third fundamental piece of the puzzle is finding ways of displaying complex and voluminous 
disparate data streams such that our premier correlation tool can visualize them. A true smart 
map is one presentation approach, to which almost any analyst can relate. Some of the features 
included in smart maps would be: pan and zoom, movable viewpoints, active regions, alerts and 
alarms, validity representation and so on. 

In addition to these smart map capabilities, we need better ways to visualize dynamic phenomena 
such as occurrences of scenario events with respect to time, and to integrate temporal and spatial 
relationships in displays, operations clocks, etc. These need to be integrated with the smart map 
display with corresponding active regions on the timeline displays such that the analyst can 
access the same information from either place. Display techniques are needed to allow 
visualization of problems with dimensionalities higher than four (three-space + time). 
Additionally, efforts in voice recognition technology could minimize keyboard entry of database 
and knowledge base input and queries. 

The technologies cited above (and a number of others such as imagery processing, compression 
techniques, interactive multi-media, etc.) represent a panoply of capabilities, some of which are 
far more attainable or cost effective than others. Some are more likely at the end of a decade, 
others reasonably soon. Much of the needed technology is being developed, or will be developed 
in the private sector. Systems for voice recognition and understanding are already replacing 
commercial telephone operators; office work stations are already taking dictation; personal 
computers are translating scientific journals from Japanese into English. Image understanding 
systems are being used to read x-ray mammograms and inspecting cell cultures. Advanced 
computer systems are being used by commercial airlines for resource allocation and logistics 
planning beyond human capabilities. Other applicable commercial developments include 
worldwide, point-to-point voice, compressed data, and even encrypted communications for 
cellular phones and the INTERNET. The entertainment industry is investing huge sums to 
develop new wideband data distribution systems (i.e., high definition television) and direct, 
digital broadcast satellites. These are all technologies which are directly applicable and will be 
developed far faster by commercial industry than by the government. 

These technologies need not be developed twice. The trick, of course, is to pick the right ones; 
fit them into a critical path, and integrate them into the National Intelligence Exploitation 
Architecture. This drives us to realize that integration, per se, is becoming and must become a 
technology in its own right. Advanced integration tools, techniques and testing require 
significant development. DARPA, in concert with the private sector, is the obvious candidate to 
tackle these issues. 

The challenge then for the Intelligence Community (the DCI and SECDEF) is to: 

• Develop the "New Vision." This should be accomplished working with the customer 
base to derive a set of design objectives for the National Intelligence Exploitation 
Architecture. Next, 

• Develop the basic system architecture road map; evaluating various technologies and 
approaches, and then 

• Create a detailed program plan to implement the infrastructure, and 

• Make needed organizational adjustments to ensure the program is carried out. 

It is believed that adequate funds are present in existing NFIP (with partial DARPA support) 
budgets to support this architecture. Success would take commitment to a coherent road map and 
parsing varied development activities to agencies which would essentially become centers of 
excellence for varied components of this architecture. This program provides the framework for 
our 21st century intelligence exploitation and analysis support to government. 
APPENDIX C 
A TAXONOMY FOR INFORMATION WARFARE? 

Taxonomy: 

1. The classification of organisms in an ordered system that indicates natural relationships. 

2. The science, laws, or principles of classification; systematics. 

3. Division into ordered groups or categories: "Scholars have been laboring to develop a 
taxonomy of young killers" (Aric Press). 

[French taxonomie : Greek taxis, arrangement; see TAXIS + -nomie, method (from Greek 
-nomia; see -NOMY).] American Heritage Dictionary 

[...] whether [...] a particular [...]. [...] of the taxonomy is discussed later in this Appendix. 

However, by adopting concepts [...] to [...], a [...] tailored to [...] information dependent 
processes was developed for information warfare defense. Such a tailored warning, assessment 
and reporting system [...] each civil agency and [...] domains of commerce [...] users of 
information and information systems [...] 

A range of standardized scenarios [...] assessments follows: 

1) accident (The inclusion of accidental failure is important because in many cases the 
cause of failure [...] potential effect on the information dependent process.), 

2) amateur hackers, 

3) experienced hackers. 






4) well-funded non-state group or actor able to purchase or hire advanced information 
warfare capabilities, 

5) state-sponsored information warfare, and 

6) state-sponsored information warfare with the active collusion of an authorized insider 
(worst case). 

A standardized set of methods for assessing information dependent processes should be used so 
that reporting is consistent across a wide range of information dependent activities. A proposed 
partitioning of assessment methods follows: 

a) an unknown information assurance capability for a specified assessment scenario, 

b) an engineering estimate of information assurance, based on a review of design and 
recovery plans, but no physical testing for a specified assessment scenario, 

c) an engineering estimate of information assurance, based on design parameters, simulation 
exercises, and the review of detection capabilities and recovery plans, but no physical 
testing for a specified assessment scenario, 

d) an internal information assurance audit by an internal but independent organization, based 
on examination of the written record of security and accidental incidents and responses from 
a live contingency plan exercise designed to simulate a specified assessment scenario 
defined above, 

e) an internal information assurance audit by an internal but independent organization, based 
on testing and examination of security and accidental incidents and responses from a live 
contingency plan exercise designed to simulate a specified assessment scenario defined 
above, and 

f) an information assurance audit by a totally independent security assessment organization, 
based on testing and examination of security and accidental incidents and responses from 
a live contingency plan exercise designed to simulate a specified assessment scenario 
defined above (most stringent test case). 

Note that not all organizations would be expected to meet the most stringent assessment scenario. 
The application of an evaluation level would be determined by the criticality of the information 
dependent process to the overall activity. 

In such an information assurance planning, testing and evaluation construct, the most robust and 
resilient organization would have demonstrated a 6-f capability of information assurance. 

Although not a taxonomy of information warfare, this approach provides a standard vocabulary 
for assessing and reporting operational readiness of organizations to carry out information 
dependent processes in an information warfare environment. This construct also provides a basis 
for developing an information warfare readiness reporting process. 

Within the Department of Defense, suitable information assurance reporting criteria along the 
above lines should be added to the Status of Resources and Training System (SORTS) (or a 
SORTS-like report); Communications Spot Report (COMSPOT) and daily Communications 
Status Report (COMSTAT); annual CINCs Preparedness Assessment Report (CSPAR); Combat 
Support Agency Assessment System (CSAAS); and the Base Defense and Operations Security 
evaluation schemes. 

In addition to preparedness assessments, which address specific information dependent processes, 
a generalized threat warning system is needed to communicate a heightened level of alert to 
numerous interconnected information dependent activities. 

Design of a warning system is complicated by the interconnectivity of the national (and global) 
information infrastructure. A heightened state of alert must extend to all systems [...]; 
at higher threat levels, appropriate actions could include disconnecting from the infrastructure, so 
a warning method is needed that does not fully depend upon the interconnected infrastructure. 
Conceivably, preparation could include "war modes" that extend across lower levels of network 
protocols (physical level through transport layer protocols). In addition, a workable information 
warfare alert and response process will require a comprehensive legal, regulatory and operational 
infrastructure. 

Detection of information warfare attacks will likely not come directly from the [...] 
managers of individual systems. "Warlike" attacks may have many diverse targets but probably 
will follow the pattern of normal thefts or disruptions caused by amateur intruders, except as 
cover, concealment or deception. 

Reporting of incidents, particularly of attacks on civil information users of national interest, will 
be neither automatic nor directed to a common point unless a distributed structure is created now, 
like the Center for Disease Control. Creation of a distributed reporting structure that filters 
upward, with a focus on finding broader and broader patterns through indirect measurement and 
iterative analysis, is essential, as most "problem" detection will take place locally in a very 
decentralized fashion without the visibility necessary to detect the linkages between apparently 
unconnected events. 

The Tactical Warning/Attack Assessment functions will require the synthesis of diverse and 
apparently unrelated information. Specialists in offensive information warfare should be 
included in the make-up of Department of Defense and national TW/AA centers to ensure 
suitable tradecraft is applied to the TW/AA process. 

On receipt of an information warfare alert message or threat condition, the individual managers 
of information dependent processes could initiate appropriate defensive actions, to include 
disconnecting from the shared infrastructure. Although Alert Conditions could be issued as 
a result of strategic warning, most would be triggered by an aggregation of tactical warning reports 
of individual incidents which will show a pattern of an attack rather than isolated incidents. 
A set of proposed information warfare (IW) Alert Conditions and Responses for use by the 
Federal government, in both civil and national security activities, follows: 

IW Alert Condition I 
Situation - Normal 

Normal level of threat from accident, crime and amateurs 
Normal level of unexplained activities in all sectors of the nation 



Response Required: 

Normal protective actions to include: 

• Due diligence in protecting information systems and assets 

• Reasonable level of maintenance activities 

• Compliance with IRS transaction auditing requirements 

• Compliance with all applicable rules, regulations and laws 

IW Alert Condition II 

Situation - Perturbation 

a) 10% increase in incidence reports, either regional or within a functional information 
dependent activity of national interest 

• Regional would include a large communally served geographic area 

• Functional would include sectors of the infrastructure, including but not limited to 

- Sector systems, such as medical systems or financial systems 

- Telecommunications service providers 

- Public utilities 

b) 15% increase in all incidents 

• Not limited to obvious infrastructure connections 

Response: 

Increase incident monitoring and cooperative analysis 

Look for patterns across a wide range of variables 

• Including source, users, time, connection, and type of equipment 

Alert all agencies to increase awareness of activities 

• Including Federal agencies, regulatory bodies, trade groups, professional 
organizations, and corporate entities 

Begin selective monitoring of critical information services 

• Initiate expanded audit and tracking capabilities with increased reporting to central 
manager 

IW Alert Condition III 

Situation - Heightened Defense Posture 

a) 20% increase in incidence reports across the board, even with no apparent connection 

b) Condition II with special contexts 

• Contextual sensitivity subject to integration with all other operations and activities 
of the U.S. 

Response: 

Disconnect all unnecessary connections 

• Advisory notices broadcast over diverse media to all elements of infrastructure: an 
IW emergency broadcast warning 

• Limiting connections should force a channeling of hostile activity and reduce the 
number of backdoors that can be exploited 

Turn on real time audit for critical information systems 

• Augment audit analysis teams to handle the increased loads 

Begin mandatory reporting to central manager 

• Support forensic investigations and help determine the identity of the aggressors 

IW Alert Condition IV 

Situation - Serious Situation 

a) Major regional or functional events that seriously undermine U.S. interests 

b) Conditions II or III with special contexts 

• Contextual sensitivity subject to integration with all other operations and activities 
of the U.S. 

Response: 

Implement alternate routing 

• Example: replace a beleaguered switch with an ACTS satellite until the system can 
be rebuilt 

Limit interconnectivity to minimal states 

• Begin triage to protect the main body 

Begin "aggressive" forensics investigations 

• Require legal back-up to allow active tracing of activities independent of identity 
or citizenship constraints 

• Includes proactive defensive measures 

• Includes intent to prosecute or exact retribution 

IW Alert Condition V 

Situation - Brink of War 

a) Widespread incidents that undermine U.S. ability to function 

b) Conditions III or IV with special contexts 

• Contextual sensitivity subject to integration with all other operations and activities 
of the U.S. 

Response: 

Disconnect critical elements from the public infrastructure 

• Deploy the Minimum Essential Information Infrastructure and temporary systems 
as required 

Implement WARM protocols 

• For critical systems, implement alternate protocols for network to transport layers 
of systems 

Declare state of emergency 

Prepare for warfare, including retribution against aggressors using the full force of the 
U.S. 
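The quantitative triggers of the Alert Conditions above, applied to constructed incident counts, as an added worked example (not part of the report). The region and sector names, the counts, and the reading of "across the board" as the all-incident total are assumptions; the "special contexts" that raise Conditions III, IV and V are modelled only as a caller-supplied flag, since the report leaves them to judgment.

```python
"""IW Alert Condition triggers: worked example, not part of the DSB report.

Automates only the quantitative triggers stated for Conditions II and III:
  II  (a) 10% increase in incident reports in a region or a functional sector
      (b) 15% increase in all incidents
  III (a) 20% increase in incident reports across the board (read here as the
          all-incident total; that reading is an assumption)
Conditions IV and V rest on judgments ("major regional or functional events",
"widespread incidents") and on "special contexts"; the latter is modelled only
as a caller-supplied flag that escalates the computed condition by one.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

REGIONAL_OR_FUNCTIONAL_II = 0.10   # Condition II (a)
ALL_INCIDENTS_II = 0.15            # Condition II (b)
ACROSS_THE_BOARD_III = 0.20        # Condition III (a)


@dataclass(frozen=True)
class IncidentCounts:
    """Incident reports for one reporting period, partitioned two ways."""
    by_region: Dict[str, int]   # large communally served geographic areas
    by_sector: Dict[str, int]   # medical, financial, telecom, utilities, ...
    total: int                  # all incidents, not limited to the above


def pct_increase(baseline: int, current: int) -> float:
    """Fractional increase over the baseline period (0.10 means 10%)."""
    if baseline <= 0:
        raise ValueError("baseline must be positive to compute an increase")
    return (current - baseline) / baseline


def assess_condition(baseline: IncidentCounts, current: IncidentCounts,
                     special_context: bool = False) -> Tuple[int, List[str]]:
    """Return (condition 1..5, list of triggers) for the current period."""
    condition, reasons = 1, []

    total_rise = pct_increase(baseline.total, current.total)
    if total_rise >= ACROSS_THE_BOARD_III:
        condition = 3
        reasons.append(f"all incidents +{total_rise:.0%} (Condition III a)")
    elif total_rise >= ALL_INCIDENTS_II:
        condition = 2
        reasons.append(f"all incidents +{total_rise:.0%} (Condition II b)")

    # Condition II (a): a rise concentrated in one region or one sector is a
    # trigger even when the national total still looks normal.
    for label, base, cur in (("region", baseline.by_region, current.by_region),
                             ("sector", baseline.by_sector, current.by_sector)):
        for name in sorted(cur):
            if name not in base:
                continue  # no baseline yet for a new reporting entity
            rise = pct_increase(base[name], cur[name])
            if rise >= REGIONAL_OR_FUNCTIONAL_II:
                condition = max(condition, 2)
                reasons.append(f"{label} {name} +{rise:.0%} (Condition II a)")

    # "Condition II with special contexts" -> III, "II or III" -> IV, and so on.
    if special_context and condition >= 2:
        condition = min(condition + 1, 5)
        reasons.append("special context: escalated one condition")
    return condition, reasons


# Constructed sample data (assumed names and counts, not from the report).
BASELINE = IncidentCounts(
    by_region={"northeast": 100, "gulf_coast": 80, "pacific": 120},
    by_sector={"financial": 60, "medical": 40, "telecom": 90, "utilities": 50},
    total=300)
QUIET = IncidentCounts(                 # ordinary month-to-month noise
    by_region={"northeast": 100, "gulf_coast": 82, "pacific": 121},
    by_sector={"financial": 61, "medical": 40, "telecom": 92, "utilities": 50},
    total=303)
SECTOR_SPIKE = IncidentCounts(          # only the financial sector moves
    by_region={"northeast": 104, "gulf_coast": 82, "pacific": 126},
    by_sector={"financial": 68, "medical": 40, "telecom": 93, "utilities": 51},
    total=312)
BROAD_RISE = IncidentCounts(            # everything up by about a fifth
    by_region={"northeast": 125, "gulf_coast": 95, "pacific": 146},
    by_sector={"financial": 72, "medical": 50, "telecom": 108, "utilities": 62},
    total=366)

if __name__ == "__main__":
    for name, period in (("quiet", QUIET), ("sector spike", SECTOR_SPIKE),
                         ("broad rise", BROAD_RISE)):
        level, why = assess_condition(BASELINE, period)
        print(f"{name:13s} -> IW Alert Condition {level}: "
              f"{'; '.join(why) or 'normal'}")
```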

Consideration of A Taxonomy for Information Warfare 

Many of the definitions, concepts and words that follow are drawn from the Joint Publication 
System, and in particular from the Joint Doctrine for Command and Control Warfare and the 
Joint Reporting Structure. 

The central concept of information warfare is straightforward: The ultimate target of information 
warfare is an information dependent process, whether human or automated. The use of the word 
"warfare" should not be construed as limiting information warfare to a military conflict, declared 
or otherwise. 

The root concept of information warfare is offensive in nature. In turn, the concept of 
information warfare defense flows from the offense. This is not surprising, as most defensive 
actions (counter-air, anti-submarine warfare, counter-mine, anti-crime, anti-drug) only have 
meaning within the context of action-reaction. Offensive information warfare targets 
information or information systems in order to affect the information dependent process, whether 
human or automated. Defensive information warfare protects the information dependent process, 
whether human or automated. 

The question of interest is whether a useful taxonomy of information warfare can be derived. 

In Joint Pub 3-13.1, Joint Doctrine for Command and Control Warfare, an "information system" 
is defined as the organized collection, processing, transmission, and dissemination of 
information, in accordance with defined procedures, whether automated or manual. This 
includes the entire infrastructure, organization, and components that collect, process, store, 
transmit, display, and disseminate information. It includes everything and everyone that 
performs these functions, from a laptop computer to local and wide-area voice and data 
networks, broadcast facilities, buried cable and, most importantly, the people involved in 
transmitting, receiving, processing, and using the information. People, decisionmakers at all 
levels, are the most important part of the information system. 
However, information systems themselves are part of larger information infrastructures. These 
infrastructures link individual information systems in a myriad of direct and indirect paths. The 
growing information infrastructures of today transcend industry, media, and the military and 
include both government and non-government entities. The collection, processing, and 
dissemination of information by individuals and organizations comprise an important human 
dynamic, which is an integral part of the information infrastructure. A news broadcast on CNN, 
a diplomatic communique, and a military message ordering the execution of an operation all 
depend on the global information infrastructure. The information infrastructure has been 
assigned three categories: global information infrastructure (GII), national information 
infrastructure (NII), and defense information infrastructure (DII). 

• The GII is the worldwide interconnection of communications networks, computers, data 
bases, and consumer electronics that make vast amounts of information available to users. It 
encompasses a wide range of equipment, including cameras, scanners, keyboards, fax 
machines, computers, switches, compact disks, video and audio tape, cable, wire, satellites, 
fiber-optic transmission lines, microwave, nets, switches, televisions, monitors, printers and 
much more. The GII, however, includes more than just the physical facilities used to store, 
process, and display voice data. The personnel who operate and consume the transmitted 
data constitute a critical component of the GII. 

• The NII is the subset of the GII within the U.S. used for social, economic and national 
security activities. 

• The DII is the shared or interconnected system of computers, communications, data 
applications, security, people, training, and other support structures serving DoD's local, 
national and worldwide information needs. The DII connects DoD mission support, 
command and control (C2), and intelligence computers through voice, telecommunications, 
imagery, video and multimedia services. It provides information processing and services to 
subscribers over the Defense Information Systems Network. It includes C2, tactical, 
intelligence and commercial communications systems used to transmit DoD data. 

In actuality the GII, NII and DII labels are misleading, as there are few distinct boundaries in the 
information environment. The DII, NII, and GII are inextricably intertwined, a trend that will 
only intensify with the continuous application of rapidly advancing technology. Again, no 
ordered structure is readily apparent on which to base a taxonomy. 

If information warfare targeting and information warfare defense are shaped by particular 
information dependent processes, then perhaps ordering information dependent processes will 
lead to a structure. However, only a little reflection leads to the conclusion that there is an 
infinite variety and scope of information dependent processes. Clearly, there is no "ordered 
system" that will tie these potential processes together, other than the shared characteristic of 
depending on information. Enumerating information dependent processes will not yield a 
taxonomy. 

What of the methods of information warfare? Consider that attacks and defenses may involve: 

• Physical attacks on the components of the information infrastructure, e.g., computers, 
communications devices, software, cables, control devices, etc. 
• Physical attacks on the components containing or supporting the information 
infrastructure such as buildings, power systems, environmental services. 

• Physical attacks on or the subversion of the people (witting or unwitting) who operate 
elements of the information infrastructure. 

• Physical destruction of information (erasure or over-write) without harming the 
infrastructure components. 

• Logic (malicious code) attacks on the components of the information infrastructure, e.g., 
computers, communications devices, software, control devices, etc. 

• Logic attacks on computer-controlled components supporting the information 
infrastructure. These may include air conditioners, air handlers, power distribution, and 
cooling water. 

• Attacks on information provided via the information infrastructure that is used by a 
specific function(s) (e.g., deception operations, and insertion of false information). 

• Corruption of information using logic or digital attacks without harming the components 
of information infrastructure. (The greatest harm may result from an attack which 
corrupts or injects false information in a manner that cannot be detected by the users of 
that information who subsequently take actions based on the corrupted or false 
information.) 

• Combined attacks where both physical and logical attacks on the information 
infrastructure or supporting elements are undertaken in combination to either mask one or 
the other types of attack or to obtain the benefits of a combined attack. 

From the above it follows that at the highest level information dependency can be partitioned into 
two elements: one, the availability of information needed by the process; and two, the integrity of 
information used in the process. Some would add a third element, the confidentiality of 
information, as it is an important factor in many civil and military information dependent 
processes. In the following derivation all three are addressed. Note that this trial taxonomy is 
irrespective of the offensive or defensive actions that may be undertaken to achieve or defend 
against these conditions; it is just a structure for information warfare. 

A top-level taxonomy for information warfare 

Availability of information or information services 
    Loss of information 
        Detected on occurrence 
        Detected after n* units of time 
        Undetected 
    Delay in receipt of information 
        Detected on occurrence 
        Detected after n units of time 
        Undetected 
    Loss of an information service 
        Detected on occurrence 
        Detected after n units of time 
        Undetected 
    Delay in an information service 
        Detected on occurrence 
        Detected after n units of time 
        Undetected 

Integrity of information 
    Unauthorized change in data 
        Detected on occurrence 
        Detected after n units of time 
        Undetected 
    Insertion of false data 
        From a correct source 
            Detected on occurrence 
            Detected after n units of time 
            Undetected 
        From an incorrect source 
            Detected on occurrence 
            Detected after n units of time 
            Undetected 

Confidentiality of information 
    Compromise detected on occurrence 
    Compromise detected after n units of time 
    Compromise undetected 

* The unit of time can vary from microseconds to years. The criticality of 
n is determined by the information dependent process in each particular 
case. 

Although only at three levels of complexity, this sample taxonomy rapidly becomes unwieldy. 
Complexity grows at the next level, as each of these conditions can be the result of accident or 
caused by deliberate intent. In many cases it may be impossible to determine which led to the 
condition. At the next level, deliberate intent can be carried out by an exterior actor, by an insider 
with authorized access to the information or information services used in an information 
dependent process, or by internal and external actors working in concert. Then there 
is the factor of time. If the failure was detected only after n units of time had elapsed, the effects 
that matter cannot be generalized but rather are unique to a specific information dependent 
process. The introduction of process-dependent timing takes us back to the earlier infinite 
variety of processes, which has already been rejected as a basis for a taxonomy. 

But to press on with this sample taxonomy, we recognize that all of these events can be arrayed 
in multiple sequences and combinations. There is an infinite number of combinations and permutations of 
such attack methods and countering defenses available for application within the intertwined 
DII/NII/GII environment. Thus, an attempt to add successive layers to the taxonomy sketched 
out above would explode into incomprehensible complexity. Each element of data; each bit and 
byte of software; each device, whether in a computer at an end-node or along a communication 
path; each waveform; and each person with access to any of the components would have to be 
mapped onto the structure. 

It is just this complexity that is a large part of the challenge facing the defender: he cannot know or 
protect against all the possible means of attack; to succeed, the attacker needs only to know one 
weakness that the defender has left unprotected, or have a weapon that can breach one point in the 
defense. This is the imperative for risk management, resilient systems, and robust recovery 
capabilities. Again, although a top-level information warfare taxonomy can be sketched, it does 
not scale to a useful construct. (See the last page of this Appendix for a footnote on complexity.) 

Now the principal reason an information warfare taxonomy is a desired objective is that it adds 
precision to communication. Although the simple taxonomy sketched above does not meet that 
goal, a workable alternative is proposed that can be inserted into existing reporting structures. 
The development of this alternative to a taxonomy has the benefit that it builds on existing 
models from the Joint Publications System. 

Joint Publication 1-03, "Joint Reporting Structure (JRS)," establishes a standard reporting 
vocabulary for the Department of Defense. Joint Publication 1-03.3 establishes the "Status of 
Resources and Training System (SORTS)", and provides the general provisions and detailed 
instructions for collecting and preparing data on units of the U.S. Armed Forces and selected 
foreign and international organizations. In practice, the utility of SORTS is not optimum because 
of the timeliness and quality of data submitted. Whether incorporated in SORTS or a stand-alone 
method, an information warfare SORTS-like reporting scheme is needed. 

SORTS functions as the following: 

a. Central Registry of All Operational Units in the U.S. Armed Forces. SORTS is the 
single, automated reporting system within the Department of Defense that provides the National 
Command Authorities (NCA) and the Chairman of the Joint Chiefs of Staff with authoritative 
identification, location, assignment, personnel, and equipment data for the registered units and 
organizations of the U.S. Armed Forces, Defense agencies, and certain foreign and international 
organizations involved in operations with U.S. Armed Forces. The composite registry of all units 
is maintained by the Joint Staff. After initial registration, SORTS is designed to receive reports 
by exception when changes occur. 
b. Repository of Resource Status of Selected Units. For selected registered units, SORTS 
also provides the condition and level of resources and training. This includes the unit 
commander's assessment of how resources and training levels will affect the unit's ability to 
undertake its wartime mission. Units report by exception within 24 hours of a change or as 
directed by the Chairman of the Joint Chiefs of Staff. If no change in unit status occurs within 30 
days of report submission, units submit a validation report. 

SORTS contains provisions for reporting various readiness items: 

(a) Overall C-Level (OVERALL) Set. Data in this set include the overall C-Level for the 
unit and the codes for primary, secondary, and tertiary degradation reasons. The overall 
readiness showing how well the unit meets prescribed levels of personnel, equipment, and 
training for the wartime mission for which the unit has been organized or designed is ranked in 
descending order from C-1 to C-5: 

C-1. The unit possesses the required resources and is trained to undertake the full 
wartime mission(s) for which it is organized or designed. The resource and 
training area status will neither limit flexibility in methods for mission 
accomplishment nor increase vulnerability of unit personnel and equipment. The 
unit does not require any compensation for deficiencies. 

C-2. The unit possesses the required resources and is trained to undertake most of the 
wartime mission(s) for which it is organized or designed. The resource and 
training area status may cause isolated decreases in flexibility in methods for 
mission accomplishment but will not increase vulnerability of the unit under most 
envisioned operational scenarios. The unit would require little, if any, 
compensation for deficiencies. 

C-3. The unit possesses the required resources and is trained to undertake many, but not 
all portions of the wartime mission(s) for which it is organized or designed. The 
resource and training area status will result in significant decreases in flexibility 
for mission accomplishment and will increase vulnerability of the unit under 
many, but not all, envisioned operational scenarios. The unit would require 
significant compensation for deficiencies. 

C-4. The unit requires additional resources or training to undertake its wartime 
mission(s), but it may be directed to undertake portions of its wartime mission(s) 
with resources on hand. 

C-5. The unit is undergoing a Service-directed resource action and is not prepared, at 
this time, to undertake the wartime mission(s) for which it is organized or 
designed. 

(b) Personnel Level (PERSONEL) Set. Data in this set include the personnel level (P-level) 
and a code for the primary reason for degradation in the personnel area. 

(c) Equipment and Supplies On Hand Level (EQSUPPLY) Set. Data in this set include the 
equipment and supplies on hand level (S-level) and a code for the primary reason for degradation 
in the equipment and supplies on hand area. 
(d) Equipment Condition Level (EQCONDN) Set. Data in this set include the equipment 
condition level (R-level) and a code for the primary reason for degradation in the equipment 
condition area. 

(e) Training Level (TRAINING) Set. Data in this set include the training level (T-level) 
and a code for the primary reason for degradation in the training area. 

(f) Forecasted Category Level (FORECAST) Set. Data in this set include the forecasted C- 
level for the unit and the date the unit expects to attain that C-level. 

(g) Category Level Limitation (CATLIMIT) Set. Data in this set include the imposed 
maximum C-level for the unit, if any, and the primary resource area causing the limitation. 

An additional category should be added to SORTS specifying at what level of assessment 
scenario the unit is prepared to operate and how this preparedness was assessed using the 
terminology described earlier. 

Joint Pub 1-03.10, "JRS Communications Status," provides for the Defense Information 
Systems Agency to provide near-real-time status information on a serious degradation of the 
Defense Communication System (DCS) via a Communications Spot Report and to provide a 
summary of significant status information on the DCS via a daily Communications Status 
Report. 

These reports should be expanded to include information systems and information services. 
Further, these reports should be used by the military departments, services, combat support 
agencies and the CINCs to report the status of information systems and services. 

Joint Pub 1-03.31, "Preparedness Evaluation System," establishes the CINCs Preparedness 
Assessment Report (CSPAR). These reports provide a biennial appraisal of the preparedness of 
the unified and specified commands to accomplish Joint Strategic Capability Plan tasks (both 
supporting and supported) within the constraints of the total apportioned force (Active and 
Reserve). In the CSPAR, each CINC identifies overall strengths and significant deficiencies 
affecting the command's ability to carry out assigned missions and execute the plans produced 
during the most recent planning cycle. In submitting the CSPAR, CINCs are reporting on their 
ability to accomplish a specific task using available capabilities. 

The CINCs should be required to include an assessment of their ability to carry out assigned 
missions at the appropriate assessment scenario level and indicate the process used to determine 
preparedness. 

Joint Pub 1-03.32.1, "Combat Agency Assessment System," sets forth the guidelines and 
procedures for operating the Combat Support Agency Assessment System (CSAAS), a uniform 
system for reporting to the Secretary of Defense, the commanders of the unified and specified 
commands (CINCs), and the Secretaries of the Military Departments concerning readiness of 
each combat support agency to perform with respect to a war or threat to national security. 

Chairman, Joint Chiefs of Staff (CJCS)-sponsored exercises provide the principal means of on-
site evaluation of agency responsiveness in reacting to National Command Authority decisions 
and CINC warfighting requirements. In the event no such exercises are scheduled during the first 
two quarters of even-numbered fiscal years, Joint Staff observers conduct independent site visits 
to each of the combat support agencies. Although the CSPAR is the principal means for the 
combatant commands to assess agency support, Joint Staff observers may also visit combatant 
command headquarters to discuss overall support, agency supporting plans, and ongoing efforts 
to improve shortfalls. 

These reports should be modified to include an annual assessment of the preparedness of the 
combat support agencies, at a specified assessment level, to carry out their mission. The 
two-year schedule currently followed in assessing the readiness of combat support agencies is 
not realistic in an age of information warfare. The information dependent processes of these 
agencies are directly tied to the ability to mobilize, deploy and sustain the forces. Currently, this 
is an unknown in the age of information warfare. 

Joint Pub 3-10.1, "Joint Tactics, Techniques, and Procedures for Base Defense," categorizes 
threats to bases in the rear area by the levels of defense required to counter them. Emphasis on 
specific base defense and security measures may depend on the anticipated threat level. (These 
threat levels are discussed in detail in Joint Pub 3-10.) 

a. Level I threats can be defeated by base or base cluster self-defense measures. 

b. Level II threats are beyond base or base cluster self-defense capabilities but can be 
defeated by response forces, normally military police (MP) units assigned to area 
commands with supporting fires. 

c. Level III threats necessitate the command decision to commit a Theater Contingency 
Force. Level III threats, in addition to major ground attacks, include major attacks by 
aircraft and theater missiles armed with conventional weapons or nuclear, biological and 
chemical (NBC) weapons. 

The threat to bases in the rear area should be modified to include information warfare attacks. 

Joint Pub 3-10.1 also spells out Threat Conditions and Responses and states that in combating 
terrorism, bases should use common terrorist threat conditions (THREATCONs), each with its 
specific security measures and required responses. 

Threat assessments are used to determine threat levels, to implement security decisions, and to 
establish awareness and resident training requirements. Threat levels are determined by an 
assessment of the situation using the following six terrorist threat factors: 

(1) Existence. A terrorist group is present, assessed to be present, or able to gain access to a 
given country or locale. 

(2) Capability. The acquired, assessed, or demonstrated level of capability to conduct 
terrorist attacks. 

(3) Intentions. Recent demonstrated anti-U.S. terrorist activity, or stated or assessed intent to 
conduct such activity. 

(4) History. Demonstrated terrorist activity over time. 

(5) Targeting. Current credible information on activity indicative of preparations for specific 
terrorist operations. 

(6) Security Environment. The internal political and security considerations that impact on 
the capability of terrorist elements to implement their intentions. 
The severity of the terrorist threat is indicated by the designated threat level, assigned through 
analysis of the above threat assessment factors. Threat levels, and associated factors, are: 

(1) Critical. Factors of existence, capability, and targeting must be present. History and 
intentions may or may not be present. 

(2) High. Factors of existence, capability, history and intentions must be present. 

(3) Medium. Factors of existence, capability, and history must be present. Intentions may or 
may not be present. 

(4) Low. Existence and capability must be present. History may or may not be present. 

(5) Negligible. Existence and/or capability may or may not be present. 

The terrorist threat level is one of several factors used in the determination of terrorist 
THREATCON. Factors that enter into the decision to assign a particular THREATCON and its 
associated measures include threat, target vulnerability, criticality of assets, security resource 
availability, impact on operations and morale, damage control, recovery procedures, international 
regulations, and planned U.S. Government actions that could trigger a terrorist response. 

The terrorist THREATCON system provides a common framework to facilitate inter-Service 
coordination, support U.S. military anti-terrorist activities, and enhance overall DoD 
implementation of U.S. Government anti-terrorist policy. THREATCONs are described below: 

(1) THREATCON NORMAL. Applies when a general threat of possible terrorist activity 
exists, but the threat warrants a routine security posture. 

(2) THREATCON ALPHA. Applies when there is a general threat of terrorist activity 
against personnel and installations, the exact nature and extent of which are unpredictable 
and circumstances do not justify full implementation of THREATCON BRAVO 
measures. However, base defense forces may have to implement selected measures from 
higher THREATCONs based on intelligence received. Base defense forces must be able 
to maintain the measures in this THREATCON indefinitely. 

(3) THREATCON BRAVO. Applies when an increased and more predictable threat of 
terrorist activity exists. Base defense forces must be able to maintain the measures of this 
THREATCON for weeks without causing undue hardship, without affecting operational 
capability, and without aggravating relations with local authorities. 

(4) THREATCON CHARLIE. Applies when an incident occurs or when intelligence 
indicates an imminent terrorist action against U.S. bases and personnel. Implementation 
of measures in this THREATCON for more than a short period probably will create 
hardship and affect peacetime activities of the unit and its personnel. Sustaining this 
posture for an extended period probably will require augmentation. 

(5) THREATCON DELTA. Applied in the immediate area where a terrorist attack has 
occurred or when intelligence has been received that terrorist action against a specific 
location is likely. Normally, this THREATCON is declared as a localized warning. 

The description of threat levels, threat assessments, severity of threat, and threat condition found 
in Joint Pub 3-10.1 is a good model for information warfare defense preparation, assessment, 
and warning. 
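The threat-level rule quoted above is a decision procedure and can be written down as one. The following is an added example for this report, not text or code from Joint Pub 3-10.1: for each level it lists the factors the text says must be present and assigns the highest level whose mandatory factors are all confirmed, so an assessment with existence, capability and targeting confirmed is Critical even when history and intentions are unknown, while stated intent without a demonstrated history stops at Low. The factor and level names follow the text; the sample assessments at the bottom are constructed for illustration, and the missing_for helper, which reports what an analyst would still need to confirm to reach a given level, is a convenience of this example rather than something the doctrine defines. 

```python
"""Threat-level determination from the six Joint Pub 3-10.1 threat factors.

Added example, not taken from the report. It encodes the threat-level rules
quoted in the text as a decision procedure: each level lists the factors that
must be present, and an assessment is assigned the highest level whose
mandatory factors are all present. The sample assessments at the bottom are
constructed for illustration.
"""
from __future__ import annotations

EXISTENCE = "existence"
CAPABILITY = "capability"
INTENTIONS = "intentions"
HISTORY = "history"
TARGETING = "targeting"
SECURITY_ENVIRONMENT = "security_environment"

ALL_FACTORS = frozenset(
    {EXISTENCE, CAPABILITY, INTENTIONS, HISTORY, TARGETING, SECURITY_ENVIRONMENT}
)

# Levels ordered highest to lowest, each with the factors the text says MUST be
# present. Factors not listed "may or may not be present". The security
# environment factor conditions the assessment but is not a gate for any level.
THREAT_LEVEL_RULES: tuple[tuple[str, frozenset[str]], ...] = (
    ("Critical", frozenset({EXISTENCE, CAPABILITY, TARGETING})),
    ("High", frozenset({EXISTENCE, CAPABILITY, HISTORY, INTENTIONS})),
    ("Medium", frozenset({EXISTENCE, CAPABILITY, HISTORY})),
    ("Low", frozenset({EXISTENCE, CAPABILITY})),
    ("Negligible", frozenset()),
)


def threat_level(present: set[str] | frozenset[str]) -> str:
    """Return the highest threat level whose mandatory factors are all present."""
    confirmed = set(present)
    unknown = confirmed - ALL_FACTORS
    if unknown:
        raise ValueError(f"unknown factor(s): {sorted(unknown)}")
    for level, required in THREAT_LEVEL_RULES:
        if required <= confirmed:
            return level
    return "Negligible"  # not reached: the last rule has no mandatory factors


def missing_for(level: str, present: set[str] | frozenset[str]) -> set[str]:
    """Mandatory factors for `level` that the assessment has not yet confirmed.

    Helper added for this example (not defined by the doctrine): it tells an
    analyst which factors would have to be established to raise the level.
    """
    for name, required in THREAT_LEVEL_RULES:
        if name == level:
            return set(required - set(present))
    raise ValueError(f"unknown level: {level}")


def assess(assessments: dict[str, set[str]]) -> dict[str, str]:
    """Assign a level to each named assessment (site, region, system)."""
    return {name: threat_level(factors) for name, factors in assessments.items()}


# Constructed sample: which factors each (fictional) assessment has confirmed.
SAMPLE_ASSESSMENTS: dict[str, set[str]] = {
    # Credible targeting information outweighs a missing history: Critical.
    "site_a": {EXISTENCE, CAPABILITY, TARGETING},
    # History and stated intent, but no specific targeting: High.
    "site_b": {EXISTENCE, CAPABILITY, HISTORY, INTENTIONS, SECURITY_ENVIRONMENT},
    # Intent without a demonstrated history does not reach Medium: Low.
    "site_c": {EXISTENCE, CAPABILITY, INTENTIONS},
    # Capability with no assessed presence gates every level above Negligible.
    "site_d": {CAPABILITY, HISTORY},
}

if __name__ == "__main__":
    for name, level in assess(SAMPLE_ASSESSMENTS).items():
        gap = missing_for("Critical", SAMPLE_ASSESSMENTS[name])
        print(f"{name}: {level:10s} still needed for Critical: {sorted(gap) or 'none'}")
```

The rule table is evaluated top down on purpose: because Critical does not require history or intentions, it must be tested before High, otherwise an assessment with all five factors would be reported one level too low. Transposing the model to information warfare, as the report proposes, means replacing the factor definitions (who can reach the network, what capability they have shown, what targeting indicators exist) but not this evaluation order. 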
Finally, Joint Pub 3-54, "Joint Doctrine for Operations Security," Change 1, Appendix E, 
outlines procedures for Operations Security (OPSEC) surveys. These surveys in general: 

a. Thoroughly examine an operation or activity to determine if adequate protection from 
adversary intelligence exploitation exists. 

b. Check how effective the OPSEC measures of the operation or activity being surveyed are 
in protecting its critical information. 

c. Cannot be conducted until an operation or activity has at least identified its critical 
information, for without a basis of identified critical information there can be no specific 
determination that actual OPSEC vulnerabilities exist. (This is also true in information warfare.) 

Each OPSEC survey is unique. Surveys differ in the nature of the information requiring 
protection, the adversary collection capability, and the environment of the activity to be surveyed. 

a. In combat, a survey's emphasis must be on identifying operational indicators that signal 
friendly intentions, capabilities, and/or limitations and that will permit the adversary to counter 
friendly operations or reduce their effectiveness. 

b. In peacetime, surveys generally seek to correct weaknesses that disclose information 
useful to potential adversaries in the event of future conflict. Many activities, such as operational 
unit tests, practice alerts, and major exercises, are of great interest to a potential adversary 
because they provide insight into friendly readiness, plans, crisis procedures, and C2 capabilities 
that enhance that adversary's long-range planning. 

OPSEC Surveys are not Security Inspections: 

a. OPSEC surveys are different from security evaluations or inspections. A survey attempts 
to produce an adversary's view of the operation or activity being surveyed. A security inspection 
seeks to determine if an organization is in compliance with the appropriate security directives 
and regulations. 

b. Surveys are always planned and conducted by the organization responsible for the 
operation or activity that is to be surveyed. Inspections may be conducted without warning by 
outside organizations. 

c. OPSEC surveys are not a check on the effectiveness of an organization's security 
programs or its adherence to security directives. In fact, survey teams will be seeking to 
determine if any security measures are creating OPSEC indicators. 

d. Surveys are not punitive inspections, and no grades or evaluations are awarded as a result 
of them. Surveys are not designed to inspect individuals but are employed to evaluate operations 
and systems used to accomplish missions. 

e. To obtain accurate information, a survey team must depend on positive cooperation and 
assistance from the organizations participating in the operation or activity being surveyed. If 
team members must question individuals, observe activities, and otherwise gather data during the 
course of the survey, they will inevitably appear as inspectors, unless this nonpunitive objective 
is made clear. 

f. Although reports are not provided to the surveyed unit's higher headquarters, OPSEC 
survey teams may forward to senior officials the lessons learned on a nonattribution basis. The 
senior officials responsible for the operation or activity then decide whether to further disseminate the 
survey's lessons learned. 

There are two basic kinds of OPSEC surveys: command and formal. 

a. A command survey is performed using only command personnel and on events within 
the particular command. 

b. A formal survey requires a survey team composed of members from inside and outside the 
command and will normally cross command lines (after prior coordination) to survey supporting 
and related operations and activities. 

c. Both types of surveys follow the same basic sequence and procedures. 

Although Joint Pub 3-54 is scheduled to be rewritten, it is quoted extensively as another 
possible model for conducting information warfare assessments. The assessment methodology 
cited at the beginning of the annex should yield more rigorous conclusions. 

By adopting concepts from each of the Joint Pub sources cited above, a standard vocabulary of 
status reporting, tied to specific information dependent processes, can be developed for 
information warfare. Such an assessment and reporting system should be developed so that it stands 
on its own for use in civil agencies and the commercial sector. Within the Department of 
Defense this may be more easily achieved by making suitable modification of the several 
portions of the Joint Reporting System. 

In the case of information warfare, as in the terrorism example above, a range of standardized 
threat scenarios should be promulgated for use in conducting preparedness surveys, as 
standardized assessment conditions for planning purposes, and a set of standardized threat 
warnings or THREATCONs, if warning is available. 

Whatever schema is used to evaluate the operational readiness of information dependent 
processes and activities, it must be timely and reflect the current state of the security policy being 
implemented, the supporting infrastructures (computers, communications, electricity and other 
supporting utilities) and the training status of the personnel, both systems administrators and 
users of information and information systems. 
Complexity Footnote: 



A military example of how the complexity builds is found in command and control warfare 
(C2W). The U.S. military defines C2W as an application of information warfare in military 
operations. 

The execution of C2W involves the integrated use of some or all of the tools of psychological 
operations (PSYOP), military deception, operations security (OPSEC), electronic warfare (EW), 
and physical destruction, mutually supported by intelligence, to deny information to, influence, 
degrade, or destroy adversary C2 capabilities while protecting friendly C2 capabilities against 
such actions. Again, these are just means to carry out information warfare in a particular military 
environment. 

Defensive tools called out in Joint Pub 6-0, Doctrine for C4 Systems Support to Joint Operations, 
include: 

(1) Physical security of facilities, 

(2) Personnel security of individuals authorized access to systems, 

(3) Operations security (OPSEC) procedures and techniques protecting operational 
employment of C4 system components, 

(4) Deception, deceiving the adversary about specific system configuration, operational 
employment, and degree of component importance to mission accomplishment, 

(5) Low probability of intercept (LPI) and low probability of detection (LPD) capabilities 
and techniques designed to defeat adversary attempts to detect and exploit 
transmission media, 

(6) Emissions control procedures designed to support OPSEC and LPI/LPD objectives, 

(7) Transmission security capabilities designed to support OPSEC and LPI/LPD 
objectives, 

(8) Communications security (COMSEC) capabilities to protect information transiting 
terminal devices and transmission media from adversary exploitation, 

(9) Computer security capabilities to protect information at rest, being processed, and 
transiting terminal devices, switches, networks, and control systems from intrusion, 
damage, and exploitation, 

(10) System design and configuration control (e.g., protected distribution systems, 
protection from compromising emanation (TEMPEST)) to mitigate the impact of 
information technology vulnerabilities, and 

(11) Identifying technological and procedural vulnerability analysis and assessment 
programs. 

To this list can be added nonrepudiation, identification and authorization, end-user use of 
encryption services, transmission encryption, replication, and a host of other techniques to 
protect various elements of the information infrastructure. As in the case of C2W, these are tools 
and in themselves, they are not information warfare. 
D-1 CENTERS FOR DISEASE CONTROL AND PREVENTION 

Surveillance, Research, Prevention Efforts In The Area Of Infectious Diseases: 

Applicability Of CDC Experience To A 
National Center For Information Systems Security 



D.1.1 Introduction 

In the United States, the threat of infectious disease is changing rapidly in conjunction with 
dramatic changes in global society and environment. Worldwide, there is explosive population 
growth with expanding poverty and urban migration which, with rapid environmental changes, is 
resulting in the emergence of new and the reemergence of previously controlled infectious 
diseases; international travel is increasing so that infectious microbes can easily travel across 
borders with their human or animal hosts. Diseases that arise in other parts of the world are 
repeatedly introduced into the United States, where they may threaten our national health and 
security. 

The threats to the U.S. Information Technology (IT) infrastructure bear similarities to the 
emerging infectious disease threat to public health. In particular, the context of Information 
Warfare Defense is parallel to that in public health. IT infrastructure growth, changing 
technology and increasing network interconnectivity correspond to global population growth, 
environmental change and increased travel. The U.S. Government approach to the increasing 
public health threat, led by the Centers for Disease Control and Prevention (CDC), can provide 
lessons in responding to national IT security threats. 

D.1.2 Background and Legislative History 

The Centers for Disease Control and Prevention (CDC) is an agency of the Public Health 
Service, in the Department of Health and Human Services. Its mission is to promote health and 
quality of life by preventing and controlling disease, injury, and disability. As the nation's 
prevention agency, the CDC accomplishes its mission by working with partners throughout the 
nation and the world. 

The CDC formally came into being in a department reorganization in 1980. In 1993, the 
organization officially became known as the Centers for Disease Control and Prevention, but the 
commonly known abbreviation CDC remained. 

The CDC traces its beginnings to 1946 when the Communicable Disease Center was established 
as a Field Station of the Bureau of State Services in the Public Health Service. It took over the 
offices and some responsibilities of the DoD's Office of Malaria Control which was being 
disestablished. The primary mission was to work with the States in tracking and controlling the 
spread of communicable diseases in the United States. 



The Center grew out of the general authority granted to predecessor organizations of the 
Department of Health and Human Services (HHS). That is, no specific legislation was required 
for its establishment. However, it is noteworthy that in 1893 Congress mandated that state and 
local authorities report information weekly about the incidence of certain diseases to the Public 
Health Service. Currently, CDC general authority flows through the general authority of the 
Secretary of Health and Human Services. Funding for studies on specific problems, such as lead 
poisoning prevention, HIV, and breast cancer prevention, is contained in various legislative acts. 

CDC supports surveillance, research, prevention efforts, and training for infectious 
diseases through its National Center for Infectious Diseases (NCID). Created in 1981, NCID 
works on the prevention and control of traditional, new, and reemerging infectious diseases 
in the United States and around the world. 

NCID accomplishes its mission of preventing illness and death from infectious diseases by 
focusing its resources in five areas: 

Surveillance Of Infectious Diseases, In Collaboration With State And Local Health 
Departments 

Epidemiological And Laboratory Research 

Formulating, Disseminating, And Evaluating Prevention And Control Strategies 

Training And Consultation Programs In Cooperation With Other CDC Units And Outside 
Agencies And Organizations 

D.1.3 Concept of Operations: The CDC Approach to the Global Threat of Infectious 
Disease 

NCID Surveillance Activities 

NCID collects, analyzes, and interprets reports of nationally notifiable infectious diseases and 
outbreaks submitted by state and local public health agencies. In addition to this traditional form 
of surveillance, the center uses supplemental, non-traditional systems to monitor trends in 
infectious diseases of public health importance. These systems include laboratory-based 
surveillance; population-based active surveillance; sentinel physician networks; hospital-based 
networks for surveillance of infections; analyses of national databases; serosurveys; and 
studies of special populations and settings. The Center also collaborates with international 
organizations and agencies in the global surveillance of selected pathogens. 

Partnerships 

NCID provides epidemiological, microbiologic, and consultative services to federal agencies, 
state and local health departments, medical and biomedical science institutions, schools of public 
health, health care providers, and the World Health Organization (WHO) and other international 
agencies. 
D.1.4 Appropriate Analogies/Examples in the National Responses to the Threat of 
Infectious Disease 

The similarities that the threats to the U.S. Information Technology (IT) infrastructure bear to the 
emerging infectious disease threat to public health suggest that the CDC experience can provide 
lessons in responding to national IT security threats. Below are elements of the CDC approach to 
the threat to U.S. public health which appear to apply to any formulation of a response to IT 
threats. 

Formulating a National Strategic Response Plan 

CDC's NCID strategic plan of 1994 identified the need to: 

• improve public health infrastructure at local, state and national level 

• recognize the global nature of the problem 

• institute global surveillance. 

The Plan's goals are: 

Goal I - Surveillance: Detect, promptly investigate, and monitor emerging pathogens, the 
diseases they cause, and the factors influencing their emergence. 

Goal II - Applied Research: Integrate laboratory science and epidemiology to optimize public 
health practice. 

Goal III - Prevention and Control: Enhance communication of public health information about 
emerging diseases and ensure prompt implementation of prevention strategies. 

Goal IV - Infrastructure: Strengthen local, state, and federal public health infrastructures to 
support surveillance and implement prevention and control programs. 

Similarly, the Federal Government must have a strategic plan to respond to the increasing IT 
threat, a plan to: 

• improve IT infrastructure security at the national level, 

• recognize the ubiquitous nature of the problem and 

• institute national (and even global) surveillance. 

The goals of such a plan could be expected to closely parallel those of CDC's NCID strategic 
plan: 

Goal I - Surveillance: Detect, promptly investigate, and monitor Information Technology 
Infrastructure threats and the factors influencing their occurrence. Establish a national 
consortium of IT providers and users to promote rapid interchange of event occurrence 
information, and a near-real-time monitoring and assessment function. 

Goal II - Applied Research: Integrate private industry research and development to optimize 
public and private security practice. Support R&D in IT security. Establish effectiveness 
studies and disseminate results. 

Goal III - Prevention and Control: [...] standards. 

Goal IV - Infrastructure: Strengthen national and international infrastructures to support 
prevention and control programs. Promote establishment of [...] training [...]. 
Establishing an Information Exchange Infrastructure 

The Information Network for Public Health Officials (INPHO) was initiated by the Centers for 
Disease Control and Prevention (CDC) in 1992 as part of its strategy to strengthen the 
infrastructure of public health in the United States. The purpose of INPHO is to improve the 
[...] for their own public health needs. [...] resources. [...] that are critical to achieving these 
goals. [...] bureaucratic barriers to communication and information exchange. Public health 
practitioners have unprecedented electronic access to health publications, reports, databases, 
directories, and other information. High speed communications capacity enables them to 
communicate and exchange data locally and across the nation on the full universe of public 
health issues. (The INPHO is described further in Attachment 1.) 

Similarly, the Federal Government might promote or sponsor systematic information and data 
exchange among national, state and local IT users and providers to respond to the increasing IT 
threat. 

Convening an Inter-Agency Working Group to Recommend U.S. Government Actions 

A U.S. Government interagency working group was convened on December 14, 1994, to 
consider the global threat of emerging and re-emerging infectious diseases. The working group 
was established under the aegis of the Committee on International Science, Engineering, and 
Technology Policy (CISET) of President Clinton's National Science and Technology Council. Dr. 
David Satcher, the Director of the Centers for Disease Control and Prevention (CDC), chaired 
the CISET working group, which included five sub-groups with co-chairs from CDC, the Food 
and Drug Administration (FDA), the National Institutes of Health (NIH), the U.S. Agency for 
International Development (USAID), the Department of Defense (DoD), and the State 
Department. The working group's membership, which included representatives from more than 
17 different Government agencies and departments, reviewed the U.S. role in detection, 
reporting, and response to outbreaks of new and re-emerging infectious diseases and made a 
number of recommendations which are described in Global Microbial Threats in the 1990s, 
published in late 1995 by the President's National Science and Technology Council. 

As with the National Science and Technology Council's Government interagency working group 
on the global microbial threat, a multi-agency government advisory panel to recommend U.S. 
Government responses to the IT threat might be appropriate. 

Forming Partnerships for Interaction, Cooperation, and Coordination 

Effective public health policy results from interaction, cooperation, and coordination among a 
wide range of public and private organizations and individuals. Particularly critical to this 
process are CDC's partnerships with state and territorial health departments; other federal 
agencies; professional organizations; academic institutions; private health care providers; health 
maintenance organizations and health alliances; local community organizations; private industry; 
and international partners, including the World Health Organization (WHO) and international 
service organizations and foundations. Each of these partners plays an integral role in the 
cooperative efforts required to safeguard the public's health from emerging infectious disease 
threats. 

CDC partnerships at the federal level have been helpful in confronting infectious diseases of 
public health importance in the United States. For example, CDC and NIH developed improved 
diagnostic tests for Lyme disease and various fungal infections. CDC has also worked closely 
with FDA and USDA in controlling emerging foodborne illnesses. Recent CDC collaborations 
with EPA have been instrumental in recognizing and controlling waterborne outbreaks of 
giardiasis and cryptosporidiosis in several states. 

In addition, CDC has often joined forces with USDA and DoD to control or prevent vector-borne 
infectious disease threats. Such cooperative efforts were used successfully to address potential 
mosquito-borne illness following Hurricane Andrew in Florida and Louisiana in 1992. 

Clear, well-established lines of communication and responsibility between appropriate personnel 
in federal agencies, such as CDC, NIH, EPA, FDA, USDA, DoD, and others, are essential to the 
development of efficient, cost-effective prevention and control strategies. Such links help 
eliminate costly duplication of effort and focus limited federal resources on the early recognition 
and timely control of new infectious disease problems. 

Similarly any U.S. Government effort to meet the IT threat would require active, long-term 
partnerships among Federal agencies and with elements of the IT industry. 

Assuming International Leadership 

The CDC is actively promoting U.S. leadership in the development of an international 
partnership to address emerging infectious diseases. This leadership role is a natural one for the 
United States since American business leaders and scientists are in the forefront of the computer 
communications and biomedical research communities that must provide the technical and 
scientific underpinning for disease surveillance. The United States maintains more medical 
facilities and personnel abroad than any other country, in terms of both civilian and military, and 
public and private sector institutions. Furthermore, American scientists and public health 
professionals have been among the most important contributors to the international efforts to 
eradicate smallpox and polio. 

Similar arguments would support U.S. leadership in the formulation of a global response to what 
will surely become a global IT threat. 
Summary 

To strengthen the public health infrastructure, the Centers for Disease Control and Prevention 
(CDC) initiated the Information Network for Public Health Officials (INPHO). CDC INPHO has 
three goals: (1) to make communication among public health practitioners throughout the United 
States easy, (2) to make information accessible, and (3) to make secure data exchange as swift 
and smooth as contemporary technology will allow. Based on a systems approach to supporting 
the core functions of public health, CDC INPHO achieves its goals by creating a flexible and 
user-responsive infrastructure of open communications and information exchange. 



"Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in 
information?" T. S. Eliot, The Rock 



Vision and Goals 

The Centers for Disease Control and Prevention (CDC) initiated the Information Network for 
Public Health Officials (INPHO) in 1992 as part of its strategy to strengthen the infrastructure of 
public health in the United States. [1] The vision driving CDC INPHO is that of a new, 
integrated public health information system based on a state-of-the-art telecommunications 
network linking the public health community and providing seamless exchange of information 
(see the box titled, "INPHO: The Vision, the Need, the Basic Concepts"). When fully deployed, 
CDC INPHO will become the common pathway for public health practitioners throughout the 
United States, at the community, state, and national levels alike, to exchange information with 
each other, with CDC, and with colleagues globally. As a result, every public health worker in 
the United States should be linked to every other public health worker through 
telecommunications technology. 

CDC INPHO has three goals: (1) to make communication easy, (2) to make information 
accessible, and (3) to make secure data exchange as swift and smooth as contemporary 
technology will allow. Achieving those goals will involve a variety of activities in the states, 
depending on the status of their public health information strategy, telecommunications 
networks, end-user priorities, and other factors. Similarly, the CDC role will vary from state to 
state to serve the needs of their public health agencies. All INPHO activities, however, will focus 
on building a common public health information network linking all public health practitioners 
across the nation. 



Why We Need Better Communication 

A particularly insightful way to conceptualize the value of improved public health information 
comes from Harlan Cleveland, author of The Knowledge Executive: Leadership in an 
Information Society.[2] Cleveland makes the distinction between data, information, and 
knowledge. Data are undigested observations and unvarnished facts, basically the raw material 
of public health. Information is organized data. In public health, however, information typically 
is assembled not by the practitioners who are the end users but by others who are often in remote, 
centralized agencies. Knowledge, in turn, is the product of information the end user organizes, 
internalizes, and integrates with everything else she or he knows from experience, study, or 
intuition. Knowledge, ultimately, is the best guide to our practice of public health. What public 
health professionals are interested in is creating access to information that will expand our 
knowledge base and guide our work. 

In thinking about developing an information network for public health officials, CDC focused on 
four critical needs (see the box): 

* Connecting a fragmented system. Everyone familiar with the Institute of Medicine report on the 
future of public health recognizes its diagnosis that the public health system is in disarray.[3] 
This clearly indicates the need to take action that will [re]connect the elements of the fragmented 
system. One way of doing this is through telecommunications technology. 

* Linking public health professionals. Many public health professionals operate in significant 
isolation. One way to break down isolation is by connecting public health professionals through 
telecommunications technology. Two examples are CDC's WONDER/PC electronic mail and 
forums and the national telecommunications network CDC has created as part of the Public 
Health Leadership Institute. 

* Leading and responding to health reform. Clearly, the public health community is in the 
information business and specifically in the business of providing information to the 
communities that public health serves. 

* Activating public health for the health reform environment. As health reform advances, 
whether legislated in Washington and the states or propelled by market forces, public health 
needs to ensure that its core functions continue to be performed. 



INPHO: The Vision, the Need, the Basic Concepts 

The Vision 

* An integrated telecommunications network linking the public health 
community and providing exchange of data and information 

The Need 

* Connecting a fragmented system 
* Linking public health professionals 
* Empowering communities with information 
* Leading and responding to health reform 

The Basic Concepts 

* Linkage 
* Information access 
* Data exchange 



Three Key Concepts 

CDC INPHO embodies three concepts key to generating the data, information, and knowledge to 
address the needs outlined above (see the box). Linkage is the first key concept. Here CDC is 
active on several fronts. CDC is working with state and local health agencies to build local and 
wide-area networks (actual physical construction of networks, supported in some cases through 
outside resources). Second, CDC is expanding "virtual networks" through the use of CDC 
WONDER PC, a software system that allows public health professionals to communicate across 
the globe through electronic mail and that also provides unprecedented access to data and 
information maintained in CDC's large public health databases. [4,5] Third, CDC is emphasizing 
the strategy of connecting to the Internet. CDC encourages each state to identify ways to connect 
with the Internet and have access to the information superhighway. 

In partnership with the Georgia Division of Public Health, CDC is implementing an INPHO 
project to electronically link all parts of the public health system-the state health agency, district 
health departments, and county health departments. CDC is providing those offices access to the 
CDC information bases and other sources of information that the state public health agency and 
its project partners deem valuable. CDC will work with additional states in a similar manner 
beginning in late 1994, emphasizing development of network capabilities and applications 
defined by the states themselves. CDC also is linking its information system initiatives with its 
Distance Learning Program. A clear linkage exists between the INPHO concept of an 
information network and the notion of a public health training and distance learning network for 
public health professionals. 

The second key concept is information access. CDC generates a large body of information that is 
published in various forms, but not always in the form most accessible to end users. In this 
respect, the CDC INPHO is focused on improving practitioners' access to existing and future 
CDC information bases. The principal approach is to expand the number of information bases 
accessible through the CDC WONDER PC system. Areas that warrant particular mention are (1) 
the prevention guidelines database, (2) the training resource directory that will enable public 
health professionals to identify upcoming training offered by CDC and other organizations, and 
(3) on-line access to the Morbidity and Mortality Weekly Report, complete with tables and 
graphs. 

CDC is not attempting to expand access to information exclusively through the CDC WONDER PC system. Public health professionals currently access information in many other ways and from many other sources that have great value. It is CDC's hope that its own efforts will help public health professionals maximize their use of multiple access routes so they can achieve access to the information they want as rapidly as possible.

Exchange of data and information is the third key INPHO concept. Many different types of data are involved, among them health status data, health risk information, and particularly data on health care services. As the era of health care reform advances, it will be vital for public health to have rapid, electronic access to health care services information from personal care providers. One important issue is that of automating data entry. Many health departments do not have access to automated data entry systems. Protecting personal privacy and ensuring confidentiality may be one of the most important issues of all. The structure of the data exchange system also is important. Currently, public health has many disparate data systems in place and needs to look to a more integrated approach.

Finally, as health care reform becomes reality, related information systems are being created. It is essential that the public health community understand the implications of those systems and ensure that they generate information to support and enhance the ongoing core functions of population-based health assessment and assurance.

David Satcher, CDC Director, has identified the obstacles public health faces in fulfilling the 
concept of data and information exchange: 

First, public health agencies at the local, state, and federal levels have a fragmented set of public information systems that threaten to overwhelm the capacity of state and local health departments to respond to the information needs they face.

Second, there is variable access to technology. Some health departments do not have or cannot make ready use of the telecommunications technologies that the INPHO project envisions.

Third, the issue of confidentiality is significant not only as a complex policy issue but also for its 
symbolic, perceptual importance. The American public is legitimately concerned about issues of 
confidentiality. The public health community must address this concern squarely and 
responsively. 

Fourth, public health does not have a wealth of existing integrated systems on which to model its 
own integrated information initiative. The lack of precedents clearly presents an obstacle but, at 
the same time, a professional challenge to "reinvent" public health using a "bootstraps" approach 
that draws on the creativity and energy characteristic of the public health profession. [6] 



CDC Strategies 

How is CDC confronting these obstacles? To address the problem of fragmented information 
systems, Martha Katz, CDC's Associate Director for Policy, Planning, and Evaluation, formed a 
collaborative committee in 1993 that drafted the Report on Public Health Information and 
Surveillance Systems. [7] The report contains a set of recommendations for action toward 
integrated health surveillance and information systems that was issued for review and reaction by 
state and local public health agencies in the spring of 1994. Initial responses were gathered 
during the March 1994 first annual CDC INPHO conference held in Atlanta, Georgia, and 
attended by public health representatives from across the nation. 

CDC is also working with states to support network development and address the obstacle of 
variable access to contemporary technology. The Georgia INPHO project is an invaluable 
prototype for the nation. CDC is mobilizing funding and other resources to help other states 
initiate similar projects that speak to their specific needs. CDC will support "knowledge transfer" 
from Georgia and the succeeding INPHO states. 

In 1994, CDC organized a confidentiality work group and charged it to assess the legal and 
technological dimensions of the issue and to develop recommendations and guidelines for 
protection of confidentiality in the context of integrated information and health surveillance 
systems. 

CDC's approach to dealing with the lack of precedents has two parts. The first is to proceed with the state INPHO projects and to learn from their experience. Second, and of equal importance, is to learn from the complementary projects that a number of state and local public health agencies have underway. These projects focus directly on integrated information systems, data exchange across categorical program lines, data exchange with hospitals and managed care providers, and other issues integral to the INPHO vision. A key role that CDC can play is to disseminate to the national public health community the innovations, successes, and lessons learned by local and state projects.



The INPHO Project and the Systems Approach 

A central tenet of systems thinking, as represented, for example, in the work of Peter Senge, is 
that today's solutions create the issues of tomorrow. [8] 

This insight is germane to the CDC INPHO initiative. It cautions that the goal of INPHO should not be to increase the sheer volume of data and information available to public health professionals. Instead, it is to increase their ability to generate and access the information and knowledge they need to guard the health of the public.

Information overload, already a reality in the lives of many public health professionals, threatens to become the leading occupational disease in the 21st century. Unfocused electronic information systems are a threat, not a boon, to public health. The rainfall of electronic mail that seemingly descends on users' computers overnight is a telling symptom. Surgeon General Joycelyn Elders recently remarked that a symptom of information overload is that the quantity of information in her professional life sometimes prevents her from enjoying the work that she knows in her heart she truly values.

Confronted with the challenges of the 1990s and the 21st century, the public health community ultimately needs wisdom on which to base its decisions and choices of action. Harlan Cleveland defines wisdom as "Integrated knowledge, information made super useful by theory which relates bits and fields of knowledge to each other, which in turn enables us to use the knowledge to do something." [2 (p.23)] Only the human mind can synthesize wisdom from data and information. The vision of CDC INPHO necessarily is more modest.

The key to building successful, integrated public health information systems is to focus on a vision consistent with the core mission and core functions of the profession. CDC INPHO is based on a systems approach to supporting the core functions of public health. It does that by creating a rich, flexible, and user-responsive infrastructure of open communications and information exchange. The CDC INPHO team is developing specific, valuable software and computer/telecommunications networks. The heart of the initiative, however, is the conceptual framework it provides for truly integrated health assessment and assurance both within the public health community and in conjunction with the evolving health care sector.
D.2 FEDERAL EMERGENCY MANAGEMENT AGENCY FEDERAL RESPONSE PLAN ORGANIZATIONAL MODEL



FEMA Experience: 
Applicability To The 
National Center For Information Systems Security Assurance 



D.2.1 Background 

FEMA is an independent federal agency with more than 2,600 full-time employees: at FEMA headquarters in Washington D.C., at regional and area offices across the country, at the Mount Weather Emergency Assistance Center, and at the FEMA training center in Emmitsburg, Maryland. FEMA also has nearly 4,000 standby disaster assistance employees who are available to help out after disasters. Often FEMA works in partnership with other organizations that are part of the nation's emergency management system. These partners include state and local emergency management agencies, 27 federal agencies and the American Red Cross.

FEMA's Mission is to provide leadership and support to reduce the loss of life and property and 
protect our nation's institutions from all types of hazards through a comprehensive, risk-based, 
all-hazards emergency management program of mitigation, preparedness, response and recovery. 

FEMA accomplishes its mission through a very broad range of activities, including: 

• helping equip local and state emergency preparedness... 

• coordinating the federal response to a disaster... 

• making disaster assistance available to states, communities, businesses and individuals...

• advising on building codes and flood plain management... 

• teaching people how to get through a disaster... 

• training emergency managers...supporting the nation's fire service... 

• administering the national flood and crime insurance programs... 

In particular, FEMA fully or partially funds emergency management programs and staff in all 56 states and territories, and helps design and equip emergency operations in thousands of localities. An important objective of this assistance is effective preparedness through planning. Emergency Operations Plans are updated periodically and submitted to FEMA for review.



D.2.2 Concept of Operations

The Federal Emergency Management Agency's Federal Response Plan (for Public Law 93-288, as amended) describes FEMA's Concept of Operations to address the consequences of any disaster or emergency situation in which there is a need for Federal response assistance under the authorities of the Stafford Act. It is applicable to natural disasters; technological emergencies involving radiological or hazardous material releases; and other incidents requiring Federal assistance under the Act.

In providing Federal assistance, the Plan uses a functional approach to group the types of assistance a State is most likely to need under Emergency Support Functions (ESFs). Each ESF is headed by a primary agency; other agencies have been designated as support agencies for ESFs based on their resources and capabilities in the functional area. Federal assistance is provided under the overall direction of the Federal Coordinating Officer (FCO), appointed by the Director of FEMA on behalf of the President. Federal assistance provided under the Plan supplements State and local efforts, and the ESFs provide Federal response assistance based on State-identified priorities.

Each ESF will provide resources using its primary and support agency capabilities, in coordination with the other ESFs and the affected State. Requests that cannot be met at the regional level are forwarded to the appropriate ESF headquarters office for further action.

One or more disasters may affect a number of States and regions concurrently. In those instances, the Federal government will conduct multi-State response operations and coordinate the specific requirements for Federal assistance of the declared States.

D.2.3 Legislative History/Authorities

In 1988, Public Law 93-288 was amended by Public Law 100-707 and retitled as the Robert T. Stafford Disaster Relief and Emergency Assistance Act. The Act provides the authority for the Federal Government to respond to disasters and emergencies in order to save lives and protect property.
In providing response assistance under the Federal Response Plan, Federal departments and agencies are covered under the authorities of P.L. 93-288, as amended. Under P.L. 93-288, the President may direct any Federal agency to utilize its authorities and resources in support of State and local assistance efforts. This authority has been further delegated to the Director, FEMA, the Associate Director, State and Local Programs and Support (SLPS), and to the FEMA Regional Directors in carrying out the provisions of the Stafford Act.

Response by departments and agencies to lifesaving and life protecting requirements under the 
Plan has precedence over other Federal response activities, except where national security 
implications are determined to be of a higher priority. Support from departments and agencies 
will be provided to the extent that it does not conflict with other emergency 

D.2.4 Relationships with Other Government Agencies

General Information 

Numerous federal agencies and departments are partners in the nation's emergency management system. In planning, they participate in training exercises and conduct a variety of activities to help the nation prepare for disasters. For example, the Federal Communications Commission and the Commerce Department's National Weather Service provide on-going warning and disaster tracking services. In a catastrophic disaster, FEMA coordinates the federal response, working with 27 federal partners and the American Red Cross to provide emergency food and water, medical supplies and services, search and rescue operations, transportation assistance, environmental assessment, and more. The National Disaster Medical System is a partnership set up to provide emergency medical services in a disaster, involving FEMA, the Department of Health and Human Services, the Department of Defense, the Veterans Administration, as well as public and private hospitals across the country.

• National emergency management organizations. Emergency preparedness and response requires the efforts of many people. FEMA works in partnership with national organizations dedicated to assisting the public in preparation for and response to a disaster. FEMA supports the efforts of the National Emergency Management Association (NEMA), whose membership includes state emergency managers, and the National Coordinating Council on Emergency Management (NCCEM), whose membership includes local emergency managers.

• State emergency management departments. When a disaster overwhelms local resources, the task of coordinating response moves to the next level, the state. States take a leading role in response to any large-scale disaster, even those so major that federal assistance is requested. FEMA supports the state emergency management in many ways, from funding state planning to working directly with state agencies to managing a large-scale response.

• Local emergency management agencies. Local emergency management programs are the heart of the nation's emergency management system. FEMA supports them with funding for emergency planning and equipment, by offering training courses for emergency managers and firefighters, by conducting exercises for localities to practice their response, and by promoting ways to minimize disasters' effects. FEMA also builds partnerships with mayors, county boards and other elected and appointed officials who share responsibility for emergency management.

• Partnerships with the private sector. Disaster requires the full resources of a community to help people respond and recover. FEMA encourages all sectors of society, from business and industry to volunteer organizations, to work together in disaster preparation, response and recovery. FEMA assists in coordinating activities of a variety of players, including private contractors, hospitals, volunteer organizations and area businesses. It is through these partnerships of people working together that communities are able to put the pieces back together.

Relationships with Other U.S. Government Agencies

The Federal Emergency Management Agency's Federal Response Plan provides standing mission assignments to the designated departments and agencies with primary and support responsibilities to carry out Emergency Support Functions (ESFs). Federal departments and agencies designated as primary agencies serve as Federal executive agents under the Federal Coordinating Officer (FCO) in accomplishing the ESF response missions. Upon activation of an ESF, a primary agency is authorized, in coordination with the FCO and the State, to initiate and continue actions to carry out the ESF missions described in the ESF Annexes to the Plan, including tasking of designated support agencies to carry out assigned ESF missions.

At the national level, primary agencies are responsible to plan and coordinate with their support agencies for the delivery of ESF-related assistance. Primary agencies are responsible for preparing and maintaining the ESF annexes and appendices to the Plan to reflect the policies and procedures regarding assistance to be provided, and associated responsibilities of the designated primary and support agencies.

Support agencies will assist the primary agencies in preparing and maintaining ESF annexes and 
appendices, developing national and regional operating procedures, and providing support for 
ESF operations. 

EMERGENCY SUPPORT FUNCTION #1: TRANSPORTATION

The purpose of this Emergency Support Function (ESF) is to provide for the coordination of Federal transportation support to State and local governmental entities, voluntary organizations, and Federal agencies requiring transportation capacity to perform disaster assistance missions following a catastrophic earthquake, significant natural disaster, or other event requiring Federal response.

PRIMARY AGENCY: Department of Transportation 
SUPPORT AGENCIES:

• Department of Agriculture 

• Department of Defense 

• Department of Energy 

• Department of State 

• General Services Administration 

• Interstate Commerce Commission

• Tennessee Valley Authority 

• Postal Service 

EMERGENCY SUPPORT FUNCTION #2: COMMUNICATIONS 

The purpose of this Emergency Support Function (ESF) is to assure the provision of Federal telecommunications support to Federal, State, and local response efforts following a Presidentially declared emergency, major disaster, extraordinary situation and other emergencies under the Federal Response Plan. This ESF supplements the provisions of the National Plan for Telecommunications Support in Non-Wartime Emergencies, hereafter referred to as the National Telecommunications Support Plan (NTSP).

PRIMARY AGENCY: National Communications System

SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Commerce

• Department of Defense 

• Department of the Interior 

• Department of Transportation 

• Federal Communications Commission

• Federal Emergency Management Agency

• General Services Administration 

EMERGENCY SUPPORT FUNCTION #3: PUBLIC WORKS AND ENGINEERING 

The purpose of this Emergency Support Function (ESF) is to provide Public Works and 
Engineering support to assist the State(s) in needs related to lifesaving or life protecting 
following a major or catastrophic disaster. 

PRIMARY AGENCY: Department of Defense; U.S. Army Corps of Engineers 

SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Commerce 
• Department of Energy

• Department of Health and Human Services 

• Department of the Interior 

• Department of Labor 

• Department of Transportation 

• Department of Veterans Affairs 

• Environmental Protection Agency 

• General Services Administration 

• Tennessee Valley Authority 

EMERGENCY SUPPORT FUNCTION #4: FIREFIGHTING

The purpose of this Emergency Support Function (ESF) is to detect and suppress wildland, rural, and urban fires resulting from, or occurring coincidentally with, a catastrophic earthquake, significant natural disaster or other event requiring Federal response assistance.

PRIMARY AGENCY: Department of Agriculture; Forest Service

SUPPORT AGENCIES:

• Department of Commerce

• Department of Defense

• Department of the Interior

• Environmental Protection Agency

• Federal Emergency Management Agency

EMERGENCY SUPPORT FUNCTION #5: INFORMATION AND PLANNING

The purpose of this Emergency Support Function (ESF) is to collect, process and disseminate information about a potential or actual disaster or emergency to facilitate the overall activities of the Federal government in providing response assistance to an affected State.

PRIMARY AGENCY: Federal Emergency Management Agency 

SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Commerce 

• Department of Defense 

• Department of Education 

• Department of Energy 

• Department of Health and Human Services 

• Department of the Interior 

• Department of Justice 

• Department of Transportation 

• Department of the Treasury 
• American Red Cross

• Environmental Protection Agency 

• General Services Administration 

• National Aeronautics and Space Administration

• National Communications System 

• Nuclear Regulatory Commission 

EMERGENCY SUPPORT FUNCTION #6: MASS CARE 

The purpose of this Emergency Support Function (ESF) is to coordinate efforts to provide sheltering, feeding, and emergency first aid following a catastrophic earthquake, significant natural disaster or other event requiring Federal response assistance; to operate a Disaster Welfare Information (DWI) System to collect, receive, and report information about the status of victims and assist with family reunification; and to coordinate bulk distribution of emergency relief supplies to disaster victims following a disaster.

PRIMARY AGENCY: American Red Cross 

SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Commerce 

• Department of Defense 

• Department of Health and Human Services 

• Department of Housing and Urban Development 

• Department of Transportation 

• Department of Veterans Affairs 

• Federal Emergency Management Agency 

• General Services Administration 

• Postal Service 

EMERGENCY SUPPORT FUNCTION #7: RESOURCE SUPPORT 

The purpose of this Emergency Support Function (ESF) is to provide logistical/resource support 
following a catastrophic earthquake, other significant natural disaster or other event requiring 
Federal response. 

PRIMARY AGENCY: General Services Administration 

SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Commerce 

• Department of Defense 

• Department of Energy 

• Department of Health and Human Services 

• Department of Labor

• Department of Transportation

• Department of Veterans Affairs

• Federal Emergency Management Agency

• National Communications System

• Office of Personnel Management



EMERGENCY SUPPORT FUNCTION #8: HEALTH AND MEDICAL SERVICES

The purpose of this Emergency Support Function (ESF) is to provide coordinated assistance to supplement State and local resources in response to public health and medical care needs following a significant natural disaster or man-made event. Assistance provided under ESF #8 - Health and Medical Services is directed by the Department of Health and Human Services (HHS) through its Executive Agent, the Assistant Secretary for Health. Resources will be furnished when State and local resources are overwhelmed and public health and/or medical assistance is requested from the Federal Government.

PRIMARY AGENCY: Department of Health and Human Services; U.S. Public Health Service

SUPPORT AGENCIES: 

• Department of Agriculture

• Department of Defense 

• Department of Justice 

• Department of Transportation 

• Department of Veterans Affairs 

• Agency for International Development 

• American Red Cross 

• Environmental Protection Agency 

• Federal Emergency Management Agency

• General Services Administration 

• National Communications System 

• Postal Service 

EMERGENCY SUPPORT FUNCTION #9: URBAN SEARCH AND RESCUE

The purpose of this Emergency Support Function (ESF) is to locate, extricate, and provide for the immediate medical treatment of victims trapped in collapsed structures.

PRIMARY AGENCY: Department of Defense 
SUPPORT AGENCIES: 
• Department of Agriculture

• Department of Health and Human Services 

• Department of Labor 

• Department of Transportation 

• Agency for International Development 

• Environmental Protection Agency 

• Federal Emergency Management Agency 

• General Services Administration 

EMERGENCY SUPPORT FUNCTION #10: HAZARDOUS MATERIALS 

The purpose of this Emergency Support Function (ESF) is to provide Federal support to State 
and local governments in response to an actual or potential discharge and/or release of hazardous 
materials following a catastrophic earthquake or other catastrophic disaster. 

PRIMARY AGENCY: Environmental Protection Agency 

SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Commerce

• Department of Defense 

• Department of Energy 

• Department of Health and Human Services 

• Department of the Interior 

• Department of Justice 

• Department of Labor 

• Department of State 

• Department of Transportation 

• Federal Emergency Management Agency 

• General Services Administration 

• Nuclear Regulatory Commission

EMERGENCY SUPPORT FUNCTION #11: FOOD 

The purpose of this Emergency Support Function (ESF) is to identify, secure, and arrange for the 
transportation of food assistance to affected areas following a major disaster or emergency or 
other event requiring Federal response. 

PRIMARY AGENCY: Department of Agriculture 

SUPPORT AGENCIES: 

• Department of Defense 

• Department of Health and Human Services 

• Department of Transportation 
• American Red Cross

• Environmental Protection Agency

• Federal Emergency Management Agency



EMERGENCY SUPPORT FUNCTION #12: ENERGY

The purpose of this Emergency Support Function (ESF) is to help restore the Nation's energy systems following a catastrophic earthquake, natural disaster, or other significant event requiring Federal response assistance, in order to save lives and protect health, safety, and property, as well as carry out other emergency response functions.

PRIMARY AGENCY: Department of Energy



SUPPORT AGENCIES: 

• Department of Agriculture 

• Department of Defense 

• Department of State 

• Department of Transportation 

• General Services Administration 

• National Communications System 

• Nuclear Regulatory Commission 

• Tennessee Valley Authority 
ATTACHMENT 1



COMPENDIUM OF EMERGENCY AUTHORITIES AND DIRECTIVES 



PUBLIC LAW 78-410, "PUBLIC HEALTH SERVICE ACT," SECTION 216, 42 U.S.C. 217 

This provision authorizes the President, in time of war or upon Presidential declaration of an 
emergency, to utilize the Public Health Service to the extent and in the manner that in his 
judgment will promote the public interest. 

PUBLIC LAW 78-410, "PUBLIC HEALTH SERVICE ACT," SECTION 311, 42 U.S.C. 243 --

This provision authorizes the Secretary of Health and Human Services to develop (and may take 
such action as may be necessary to implement) a plan under which personnel, equipment, 
medical services, and other resources of the Public Health Service and other agencies under the 
jurisdiction of the Secretary may be effectively used to control epidemics of any disease or 
condition, as specified, and to meet other health emergencies or problems involving or resulting 
from disasters or any such disease. 

PUBLIC LAW 78-410, "PUBLIC HEALTH SERVICE ACT," SECTION 319 --

This provision authorizes the Secretary of Health and Human Services to take appropriate action to respond to a "public health emergency" resulting from disease, disorder, or other cause. The Secretary must consult with the Director of the National Institutes of Health, Administrator of the Alcohol, Drug Abuse, and Mental Health Administration, Commissioner of the Food and Drug Administration, or the Director of the Centers for Disease Control before determining that an emergency exists, and he must act through that official in responding to the emergency.

PUBLIC LAW 81-774, "DEFENSE PRODUCTION ACT OF 1950, AS AMENDED," 50 U.S.C. 2061, TITLE I, SECTION 101(a) AND 101(b) --

This provision authorizes the President to establish performance priorities and to allocate 
materials and facilities to promote the national defense. 

PUBLIC LAW 93-288, AS AMENDED BY PUBLIC LAW 100-707, "ROBERT T. STAFFORD DISASTER RELIEF AND EMERGENCY ASSISTANCE ACT," NOVEMBER 23, 1988 --

The Robert T. Stafford Disaster Relief and Emergency Assistance Act, P.L. 93-288 as amended, 
provides an orderly and continuing means of assistance by the Federal Government to State and 
local governments in carrying out their responsibilities to alleviate the suffering and damage 
which result from disasters. The President, in response to a State Governor's request, may 
declare an "emergency" or "major disaster," in order to provide Federal assistance under the Act. 
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The President, in Executive Order 12148, delegated all functions, except those in Section 301, 
401, and 409, to the Director, Federal Emergency Management Agency (FEMA). The Act 
provides for the appointment of a Federal Coordinating Officer who will operate in the 
designated area with a State Coordinating Officer for the purpose of coordinating state and local 
disaster assistance efforts with those of the Federal Government. 

PUBLIC LAW 95-124, "EARTHQUAKE HAZARDS REDUCTION ACT OF 1977," 42 
U.S.C. 7701 AND 7704 -- 

The Earthquake Hazards Reduction Act of 1977, as amended by P.L. 96-472 and P.L. 99-105, provides for the establishment of the National Earthquake Hazards Reduction Program (NEHRP) to reduce the risk to life and property from future earthquakes in the United States. FEMA is designated as the agency with primary responsibilities to plan and coordinate the NEHRP, which has five major elements: Hazard Delineation and Assessment; Earthquake Prediction Research; Seismic Design and Engineering Research; Preparedness Planning and Hazard Awareness; and Fundamental Seismological Studies. Planning for the Federal response to a catastrophic earthquake is a major aspect of Preparedness Planning and Hazard Awareness under the NEHRP.

PUBLIC LAW 95-313, "COOPERATIVE FORESTRY ASSISTANCE ACT OF 1978" --

This Act authorizes the Secretary of Agriculture to assist in the prevention and control of rural fires through coordination among Federal, State, and local agencies; and to provide prompt and adequate assistance whenever a rural fire emergency overwhelms, or threatens to overwhelm, the firefighting capability of the affected State or rural area.

PUBLIC LAW 96-510, "COMPREHENSIVE ENVIRONMENTAL RESPONSE, COMPENSATION, AND LIABILITY ACT OF 1980," SECTION 104(i), 42 U.S.C. 9604(i) --

More popularly known as "Superfund", CERCLA was passed to provide the needed general authority for Federal and State governments to respond directly to hazardous substances incidents.

PUBLIC LAW 101-640, "WATER RESOURCES DEVELOPMENT ACT OF 1990," TITLE III, SECTION 302, 5(A)(1), NOVEMBER 28, 1990 --

This Act amends 33 U.S.C. 701n(a)(1) by replacing the term "flood emergency preparation" to include "preparation for emergency response to any disaster" and includes a provision that "The emergency fund may be expended for emergency dredging for restoration of authorized projects for Federal navigable channels and waterways made necessary by flood, drought, earthquake, or other natural disasters."

UNITED STATES CONGRESS ACT OF JANUARY 5, 1905, AS AMENDED, 36 U.S.C.

The American National Red Cross Congressional Charter assigning the authority and responsibility for the American Red Cross to undertake activities for the relief of individuals suffering from a disaster.

COMMUNICATIONS ACT OF 1934, AS AMENDED --

This Act gives the Federal Communications Commission emergency authority to grant Special 
Temporary Authority on an expedited basis to operate radio frequency devices. 

OLDER AMERICANS ACT OF 1965, AS AMENDED, SECTION 310, 42 U.S.C. 3030 --

This provision authorizes the Commissioner of the Administration on Aging to reimburse States for social services provided to older Americans following a Presidentially-declared disaster.

FOOD STAMP ACT OF 1977, SECTION 5(h)(1), IMPLEMENTED BY PROPOSED FINAL RULEMAKING AT 46 CFR 8922 AND 46 CFR 8923 --

Authorizes the Department of Agriculture to make food stamps available to low income 
households in any disaster situation in which normal channels of retail food distribution have 
been restored and the existing Food Stamp Program cannot handle applications from affected 
households. Food stamp assistance must be requested by a State. 

INTERSTATE COMMERCE ACT, EMERGENCY RATES, 49 U.S.C. 10724 AND 
11121 TO 11128 — 

These authorities allow the Interstate Commerce Commission (ICC) to authorize a common 
carrier to give reduced rates for service and transportation in an emergency. Further, these 
authorities permit the ICC to suspend any car service rule or practice; take action during 
emergencies to promote car service in the interest of the public and commerce; require joint or 
common use of facilities when that action will best meet the emergency; direct preferences or 
priorities in transportation, embargoes, or movement of traffic under permits; and reroute 
traffic. 

"ROBERT T. STAFFORD DISASTER RELIEF AND EMERGENCY ASSISTANCE 
ACT (P.L. 93-288, AS AMENDED)," IMPLEMENTED BY FOOD DISTRIBUTION 
REGULATIONS, PARTS 250.1(b) AND 250.8(e) — 

These provisions allow any person/household temporarily displaced by a disaster to obtain 
USDA foods in congregate feeding provided by volunteer organizations such as the American 
Red Cross and the Salvation Army; no formal approval is required from USDA. Additionally, 
low income families can receive household distributions of food in situations where a Food 
Stamp Program is not available (e.g., commercial channels of trade are disrupted); formal USDA 
approval is required. 
EXECUTIVE ORDER 10480, AS AMENDED, "FURTHER PROVIDING FOR THE 
ADMINISTRATION OF THE DEFENSE MOBILIZATION PROGRAM," AUGUST 14, 1953 — 

Part II of the Order delegates to the Director, FEMA, with authority to redelegate, the priorities 
and allocations functions conferred on the President by Title I of the Defense Production Act of 
1950, as amended. 

EXECUTIVE ORDER 12148, "FEDERAL EMERGENCY MANAGEMENT," JULY 20, 
1979 — 

Executive Order 12148 transferred functions and responsibilities associated with Federal 
emergency management to the Director, FEMA. It assigns the Director, FEMA, the responsibility 
to establish Federal policies for, and to coordinate, all civil defense and civil emergency planning, 
management, mitigation, and assistance functions of Executive Agencies. 

EXECUTIVE ORDER 12472, "ASSIGNMENT OF NATIONAL SECURITY AND 
EMERGENCY PREPAREDNESS TELECOMMUNICATIONS FUNCTIONS," APRIL 3, 1984 — 

Executive Order 12472 establishes the National Communications System (NCS). The NCS 
consists of the telecommunications assets of the entities represented on the NCS Committee of 
Principals and an administrative structure consisting of the Executive Agent, the NCS Committee 
of Principals, and the Manager. The NCS Committee of Principals consists of representatives 
from those Federal departments, agencies, or entities, designated by the President, which lease or 
own telecommunications facilities or services of significance to national security or emergency 
preparedness. 

EXECUTIVE ORDER 12656, "ASSIGNMENT OF EMERGENCY PREPAREDNESS 
RESPONSIBILITIES," NOVEMBER 18, 1988 — 

Assigns emergency preparedness responsibilities to Federal departments and agencies. 

EXECUTIVE ORDER 12657, "FEMA ASSISTANCE IN EMERGENCY 
PREPAREDNESS PLANNING AT COMMERCIAL NUCLEAR POWER PLANTS," 
NOVEMBER 18, 1988 — 

Assigns FEMA and other Federal agencies certain emergency planning responsibilities related to 
commercial nuclear power plants. 

EXECUTIVE ORDER 12777, "IMPLEMENTATION OF SECTION 311 OF THE 
FEDERAL WATER POLLUTION CONTROL ACT OF OCTOBER 18, 1972, AS AMENDED, AND THE 
OIL POLLUTION ACT OF 1990," OCTOBER 18, 1991 — 

Refers to certain activities of the National Response Team and the Regional Response Team 
under the National Contingency Plan. 

7 CFR, PART 250.1(b)(10) & (11) — 

Refers to Sections 409 and 410(b) of P.L. 93-288, as amended, Robert T. Stafford Disaster Relief 
and Emergency Assistance Act, which reads, "The Secretary of Agriculture shall utilize funds 
appropriated under Section 32 of the Act of August 1935 (7 U.S.C. 612c) to purchase food 
commodities necessary to provide adequate supplies for use in any area of the United States in 
the event of a major disaster or emergency in such area." 

28 CFR, PART 65, "EMERGENCY FEDERAL LAW ENFORCEMENT ASSISTANCE"; 
FINAL RULE — 

These Department of Justice regulations implement the Emergency Federal Law Enforcement 
Assistance functions vested in the Attorney General by the Justice Assistance Act of 1984 
(Public Law 98-473). Those functions were established to assist State and/or local units of 
government in responding to a law enforcement emergency. The Act defines the term "law 
enforcement emergency" as an uncommon situation which requires law enforcement, which is or 
threatens to become of serious or epidemic proportions, and with respect to which State and local 
resources are inadequate to protect the lives and property of citizens, or to enforce the criminal 
law. Emergencies which are not of an ongoing or chronic nature, such as the Mount Saint Helens 
volcanic eruption, are eligible for Federal law enforcement assistance. Such assistance is defined 
as funds, equipment, training, intelligence information, and personnel. Requests for assistance 
must be submitted in writing to the Attorney General by the chief executive officer of a State. 
The Plan does not cover the provision of law enforcement assistance. Such assistance will be 
provided in accordance with the regulations referred to in this paragraph [28 CFR Part 65, 
implementing the Justice Assistance Act of 1984] or pursuant to any other applicable authority of 
the Department of Justice. 

40 CFR PART 300, "NATIONAL OIL AND HAZARDOUS SUBSTANCES 
POLLUTION CONTINGENCY PLAN" (NCP) — 

The purpose of the NCP is to effectuate the powers and responsibilities for responding to 
nonradiological oil and hazardous substances discharges, releases, or substantial threats of 
releases as specified in the Comprehensive Environmental Response, Compensation and Liability 
Act, as amended, (CERCLA) and the authorities established by Section 311 of the Clean Water 
Act, as amended. The plan is required by section 105 of CERCLA, 42 U.S.C. 9605, and by 
section 311(c)(2) of the Clean Water Act, as amended, 33 U.S.C. 1321(c)(2). 

44 CFR PART 322, AS AMENDED, "DEFENSE PRODUCTION: PRIORITIES AND 
ALLOCATION AUTHORITY (DMA-3)" — 

The Order delegates the functions of the Director, FEMA, under Title I of the Defense 
Production Act, as amended, to those offices and agencies named in Section 201 of Executive 
Order 10480 with respect to the areas of responsibility designated and to the Secretary of 
Transportation with respect to priorities and allocations for civil transportation services. 

FEDERAL COMMUNICATIONS COMMISSION REPORT AND ORDER OF 
AUGUST 4, 1981 — 

This order modified parts 2, 90, and 99 of the Commission Rules and Regulations to establish a 
disaster radio response capability for local government and State radio services. 

"FEDERAL RADIOLOGICAL EMERGENCY RESPONSE PLAN" — 

This document is to be used by Federal agencies in peacetime radiological emergencies. It 
primarily concerns the off-site Federal response in support of State and local governments with 
jurisdiction for the emergency. The Federal Radiological Emergency Response Plan (FRERP) 
provides the Federal government's concept of operations based on specific authorities for 
responding to radiological emergencies, outlines Federal policies and planning assumptions that 
underlie this concept of operations and on which Federal agency response plans were based, and 
specifies authorities and responsibilities of each Federal agency that may have a significant role 
in such emergencies. 

"NATIONAL PLAN FOR TELECOMMUNICATIONS SUPPORT IN NON-WARTIME 
EMERGENCIES," JANUARY 1992 — 

This plan provides guidance in planning for and providing telecommunications support for 
Federal agencies involved in emergencies, major 

DEPARTMENT OF DEFENSE DIRECTIVE 3025.1, "MILITARY SUPPORT TO CIVIL 
AUTHORITIES (MSCA)," 1992 — 

This directive outlines Department of Defense (DOD) policy on assistance to the civilian sector 
during disasters and other emergencies. Use of DOD military resources in civil emergency relief 
operations will be limited to those resources not immediately required for the execution of the 
primary defense mission. Normally, DOD military resources will be committed as a supplement 
to non-DOD resources which are required to cope with the humanitarian and property protection 
requirement caused by the emergency. In any emergency, commanders are authorized to employ 
DOD resources to save lives, prevent human suffering, or mitigate great property loss. Upon 
declaration of a major disaster under the provisions of P.L. 93-288, as amended, the Secretary of 
the Army is the DOD Executive Agent, and the Director of Military Support is the action agent 
for civil emergency relief operations. Military personnel will be under command of and directly 
responsible to their military superiors and will not be used to enforce or execute civil law in 
violation of 18 U.S.C. 1385 except as otherwise authorized by law. Military resources shall not 
be procured, stockpiled, or developed solely to provide assistance to civil authorities during 
emergencies. 
FEDERAL PREPAREDNESS CIRCULAR 8, "PUBLIC AFFAIRS IN EMERGENCIES" — 

This Circular establishes the Interagency Committee on Public Affairs in Emergencies (ICPAE) 
to coordinate public information planning and operations for management of emergency 
information. The Circular was reviewed in draft by the ICPAE and will receive formal 
department and agency review. 

AMERICAN RED CROSS DISASTER SERVICES REGULATIONS AND 
PROCEDURES, ARC 3003, JANUARY 1984 — 

This document details the delegation of disaster services program responsibilities to officials and 
units of the American Red Cross. Also defined are Red Cross administrative regulations and 
procedures for disaster planning, preparedness, and response. 

AMERICAN NATIONAL RED CROSS MASS CARE PREPAREDNESS AND 
OPERATION PROCEDURES AND REGULATIONS, ARC 3031 — 

This document details the Red Cross mass care preparedness and operating regulations and 
procedures. 

AMERICAN NATIONAL RED CROSS NATIONAL BOARD OF GOVERNORS 
DISASTER SERVICES POLICY STATEMENT, JULY 1, 1977 — 

This document outlines the basic policies of the American Red Cross disaster services program, 
and the disaster relief services to be provided by units of the American Red Cross on a uniform 
and nationwide basis. 

STATEMENT OF UNDERSTANDING BETWEEN THE FEDERAL EMERGENCY 
MANAGEMENT AGENCY AND THE AMERICAN NATIONAL RED CROSS, JANUARY 
22, 1982 — 

The statement of understanding between FEMA and the American National Red Cross describes 
major responsibilities in disaster preparedness planning and operations in the event of a war- 
caused national emergency or a peacetime disaster, outlines areas of mutual support and 
cooperation, and provides a frame of reference for similar cooperative agreements between State 
and local governments and the operations headquarters and chapters of the ARC. 
D3 NATIONAL DRUG INTELLIGENCE CENTER 

A Quick Look at the National Drug Intelligence Center (NDIC) 
for Lessons Applicable to the Formation of a 
National Defensive Information Warfare Center 



D3.1 Background and Legislative History 

During the cocaine epidemic of the late 1980s, U.S. public opinion demanded greater Federal 
Government efforts to combat a nationwide drug problem. Members of Congress and the 
Executive Branch both reacted with pronouncements and policy moves. In 1988, the Office of 
National Drug Control Policy (ONDCP) was established and the Defense Department was given 
a detection and monitoring role, partially because of the [...] trafficking 
organizations. The National Drug Control Strategy of 1989 noted: 

A comprehensive thrust against drug trafficking enterprises and organizations [requires a 
different] kind of intelligence.... Greater emphasis needs to be devoted to 
compiling this information for law enforcement purposes and analyzing it [and 
...] to produce a better understanding of the structure and infrastructure of 
trafficking organizations and their allied enterprises. 

In 1989 and early 1990, the ONDCP negotiated a constituency [...] and publicly 
endorsed the [...]. ONDCP emphasized modernization of law enforcement [intelligence]. 
[...] would be available to Federal, State and local officials for use. NDIC would maintain 
[central] databases, coordinate collection and tasking, and assess interagency [efforts]. The NDIC 
[would] be an interagency organization to include Treasury [...]. 
Operation of the NDIC would be the responsibility of the Attorney General. The 
[...] existing [...] foreign collection and methodological and 
[...]. [The NDIC was] envisioned as being a small, efficient organization in 
Washington, DC. 

With [the] formal Administration [proposal ...] 
[...] Center. In the end, after significant Congressional 
negotiations and compromise, the NDIC was authorized. The compromise placed the NDIC in 
Johnstown, Pennsylvania, made the DOD the executive authority for the project, and restricted 
the Justice Department role in the Center itself to participation. A summary of relevant key dates 
and legislation is provided in Table 1. 

D3.2 Concept of Operations 

The multi-agency National Drug Intelligence Center is located in Johnstown, Pennsylvania. It is 
organized with a Director and three Deputy Directors. The Director is a Department of Justice 
position. The Deputy Director for Operations is a DEA position; the Deputy Director for 
Administration is an FBI position; and the Deputy Director for Technology is a DOD position 
currently filled by DIA. The staff of approximately 300 is composed of intelligence analysts 
(from Federal law enforcement agencies [LEAs]), special agents (from DOJ), technical experts 
(from DOD), administrative support, liaison staff from other agencies, and specialized contractor 
support. The Center also has a small liaison office in the Washington DC area to facilitate 
coordination. 

Generally, the Federal LEAs have stand-alone terminals at the Center which can be used to 
receive data released to the Center and send material to the owning agency, but cannot directly 
access agency network systems or databases. However, the Center has made some progress in 
negotiating direct access in some cases. PCs in a designated Operational Research Center allow 
analysts access to open source material such as Reuters, AP, and Nexis/Lexis. Desktop PCs 
throughout the NDIC allow analysts to exchange information among themselves via a LAN, but 
they are not connected outside the facility. Analysts generally focus on specific organizations as 
targets. They correlate and fuse information on crop production and facilities, financial practices, 
chemical sources, transportation and distribution assets, communications and other topics to 
produce strategic organizational drug intelligence (SODI) pertaining to the infrastructure of a 
drug trafficking organization. 

The Center both responds to specific requests for intelligence products and strives to develop and 
maintain a strategic organizational drug intelligence database, library and index system. The 
Center also has a deployable document exploitation team that can assist LEAs with reviewing, 
cataloging, analyzing and exploiting various documents which are seized in drug raids. 

Senior personnel at the Center acknowledge that rivalry among the LEAs — largely as a result of a 
"scoring system" that keys future funding to arrest and prosecution statistics — adversely affects 
the degree of information sharing and coordination that is achieved today. However, they 
indicate a belief in a positive trend as the mutual confidence builds from personal interaction by 
representatives from the different agencies. 



¹ This paragraph abstracted from Executive-Legislative Relations in the Creation of the National Drug Intelligence 
Center, Donald J. Carey, LT, U.S. Navy, September 1991. 

Table 1. A Summary of Milestones in Establishing the NDIC 

1986 
    PL 99-570           $1.7 Million approved for anti-drug measures. 

1988 
    Defense Appropriations Bill includes $300 Million for narcotics interdiction. 
    PL 100-690          $2.8 Billion approved for anti-drug measures. 

1989 
    PL 101-164          Authorized $3.18 Billion in new anti-drug funding. 
    PL 101-231          Authorized drug fighting assistance for Colombia, Bolivia and Peru. 
    September 1989      1989 Drug Control Strategy released. 
    December 1989       Panama invaded; Gen. Noriega arrested on drug charges. 

1990 
    January 1990        1990 Drug Control Strategy released. 
    June 1990           Legislation to establish NDIC sent to Congress. 
    PL 101-511          FY1991 Defense Appropriations Act provided $10 Million for NDIC in Johnstown. 
    PL 101-515          Department of Justice prevented from expending funds on NDIC. 

1991 
    February 1991       1991 National Drug Control Strategy released. 
    FY 1992 Defense Appropriations Bill provided $40 Million for NDIC. 
    1991                NDIC opened in Johnstown, PA. 
D3.3 Relationships Between NDIC and Other Government Agencies 

The NDIC has the responsibility for developing technical and organizational protocols 
(Memoranda of Agreement) required for access to information provided by other organizations. 
Technical protocols specify the hardware and software interfaces to allow NDIC access to the 
Agencies' information. Organizational protocols, documented in memoranda of agreement, 
specify restrictive procedures for accessing data and assure the protection by NDIC of both data 
source and success as specified by the originator of the information. The other Government 
agencies NDIC is working to establish protocols with to preclude duplication of effort and 
redundancy include: Treasury, U.S. Coast Guard, Immigration and Naturalization Service, 
Customs Service, CIA, NSA, FBI, DEA and selected DOD organizations. 

D3.4 Relationships Between NDIC and International Agencies 

Currently, NDIC has no direct relationships with international agencies such as Interpol or with 
law enforcement agencies of other nations, although they are deemed desirable. At this time, 
such relationships are the closely guarded province of other Federal agencies. This situation 
exists regarding State and local authorities as well — such relationships are the province of the 
Federal law enforcement agencies. 

D3.5 Observations on Potential Lessons Learned and Pitfalls 

• It is essential to develop a constituency in both the Congress and the Administration in 
order to establish an IW-D Center. 

• A high level advocate who can articulate the need for the Center is essential. 

• There are likely to be concerns regarding the integration of the intelligence community or 
its use in support of an IW-D Center. 

• The preliminary operations concept of the Center needs to allow for Congressional 
compromises regarding physical location. 

• Interagency sensitivities regarding information use and sharing may be nearly as strong as 
those of civilian organizations that may be involved in the Center. 

• Funding for the Center should be as stable as possible through the formative period for 
establishing a capability. 

• High quality "human capital" is a must. 
of the Task Force deliberations and judged worthy of 

E.1 INFORMATION INFRASTRUCTURE ASSURANCE PRINCIPLES 



Information assurance is a term which can be used to describe the needed IW-D capabilities (and 
associated protection) of an information infrastructure. Some basic definitions are needed to 
understand the principles: 

• Availability of Service - An assured level of service, capacity, quality, timeliness, and 
reliability. 

• Denial of Service - The opposite of availability of service. 

• Information Integrity - Complete, sound, unaltered, and unimpaired information. 

• Corruption of Information - The opposite of information integrity. 

• Information Assurance - The availability of services and information integrity. 

• Disruption - Denial of service or corruption of information resulting from a single event, 
cause, or source; whether direct or indirect; whether accidental, intentional, rare or 
common. 

• Stress Level - Military situations under which the infrastructure is expected to operate. 
These include: 

- Peacetime (natural disasters, sabotage, equipment and service failures, unintentional 
acts) 

- Crisis/mobilization (terrorism, low intensity conflict, conventional war) 

- Simultaneous two-theater engagements 

- Limited nuclear war (nuclear terrorism, uncoordinated/accidental, theater nuclear) 

- Expanded nuclear (coordinated attack) 

- Post-attack (recovery and reconstitution). 

In the traditional systems engineering context, availability is a function of the reliability and 
maintainability of the system while integrity of data is a function of the quality (or grade of 
service) of the system transporting the data. In addition, these measures of system performance 
are traditionally based on design assumptions that disruptions are random in nature (e.g., 
component failures, human errors, and acts of nature). 

Information assurance is not just a function of the reliability, maintainability, and quality of the 
network or infrastructure. Information assurance addresses the capability of an infrastructure to 
endure a variety of disruptions ranging from natural disasters to accidents to intentional 
disruptions by the enemies or by insiders. For example: 

• A lightning strike on a critical node in the network can cause node failure; or, an 
earthquake or hurricane cannot only physically disrupt the network but can also cause 
network congestion, another source of disruption. 
[...] juncture, [...] 
assurance principles. 

[...] resilient information infrastructure capable [...]. A 
typical information system design assumes that components will normally 
operate properly, with the [loss of only a few] individual components. A 
resilient information infrastructure [design must assume] that only some of the 
components will operate properly at any point in time. Typical information system design will 
incorporate central control [and management] techniques to use 
resources efficiently. A resilient [infrastructure] must be based on some 
decentralization of control and [management] of the infrastructure. 
Information system design is typically [based on ...]; a resilient information 
infrastructure design must be based on [...]. The entire field of fault 
tolerant computing is based on the [...] efficient systems in [...]. Similarly, the design 
[...] 
failure mode will not result in an infrastructure failure, [...] 
manage and control these capabilities. 

[...] infrastructure. [...] to threat occurrence be based on [...] 
part of the infrastructure. Finally, it will be necessary to assume some degree of risk while 
maintaining some minimum infrastructure operating capability. 

Based on a review of existing documentation, a list of information assurance principles has been 
developed and is presented below. Because the infrastructure and the concept of information 
assurance are still under development, the list is not exhaustive. 

The following operational information is required from CJCS and the Commanders-in-Chief 
(CINCs) of the Unified and Specified (U&S) Commands to quantify some of the principles: 

• Information Transfer Priorities - Priorities for the transfer of voice, data, imagery, and 
video information based on a process developed by the JCS and based on the existing 
process used to establish priorities for voice and messages. 

• Minimum Operating Capability - The minimum set of fixed and deployed capabilities 
required for each stress level, based on operations tempo and forces supported. 

• Normal Operating Capability - A specified set of fixed and deployed capabilities required 
for peacetime and crisis/mobilization stress levels, based on operations tempo and forces 
supported. (In coordination with CJCS and the CINCs, DISA will, in its role as the 
central manager of the DII, specify this set.) 

• Expected Disruptions - The expected level of disruptions to be sustained over time at 
each stress level. (This is normally based on intelligence estimates of enemy capabilities, 
insider threats, natural disasters, and other anticipated causes.) 

• Minimum Assured Resiliency - The capability to sustain a specified number of 
simultaneous, worst-case disruptions at each stress level while still maintaining the 
Minimum Operating Capability. 

• Desired Resiliency - The capability to sustain Expected Disruptions while maintaining a 
Normal Operating Capability. (In coordination with CJCS and the CINCs, DISA will, in 
its role as the central manager of the DII, specify this set.) 

Information Assurance Principles: 

• The infrastructure shall be considered a potential battlefield. 

• The infrastructure shall provide Minimum Assured Resiliency. 

• The infrastructure shall detect substantial disruption, differentiate accidental disruption 
from intentional disruption, provide ample warning of disruption, respond to and recover 
from disruption, and be repairable at a rate sufficient to sustain Minimum Operating 
Capability under Expected Disruptions. 

• The infrastructure shall detect large classes of event sequences that are likely or 
anticipated to lead to disruption and provide mechanisms so that disruptions from these 
events are: 
- Prevented when possible within cost constraints 

- Limited in the extent of their effect when prevention is not feasible 

- Responded to prior to actual disruption when detected in time 

- Traced to their source whenever possible within cost constraints. 

• [Infra]structure operations, management, [and information] 
assurance capabilities shall be [...] 
[that] they perform and operate properly [and] do not unduly degrade the [...]. 

• [The infra]structure shall be designed [...] 
infrastructures. 

• New infrastructure components shall be designed such that: 

- [If they] are disrupted, they do not react so as to disrupt neighboring components 

- [Disrupted] neighboring components do not disrupt a new component regardless of the [...] 

- Network and system management services are notified of disruptions and [...] 

- [...] networks. 

• The [personnel] operating, administering, and maintaining the infrastructure are 
[trained for all] stress [levels], and ample personnel and resources are 
available to operate and sustain the infrastructure at the Minimum Operating Capability 
during Expected Disruptions. 

• Sufficient inventory of and/or manufacturing capability for parts, equipment, tools, 
supplies, and support systems shall be maintained to enable operation, repair, and 
reconstitution of the infrastructure under all stress levels. 

• The infrastructure users shall be licensed to operate on the information highway. 
Licensing procedures shall include knowledge of the network, rules of the road, 
information assurance, and incident response processes and capabilities. 

The goal in postulating these information assurance principles is to eventually outline a set of 
specifications (on the order of A-Level specifications) that will shape the design and integration 
of the infrastructure or that can be used as a part of the specifications for the acquisition of 
services from the local and long-distance carriers and from information processing vendors. In 
order to bridge the gap between the information assurance principles and a set of specifications, 
it will be necessary to develop strategies for providing the attributes. Some elements that might 
be considered in developing those strategies include: 

• Capacity 
• Diversity 
• Co-location of network components at hardened subscriber sites 
• Provision of uninterruptable power to selected sites 
• Selected redundancy in network components 
• Use of diverse transmission media 
• Redundant network access links for key subscribers 
• Precedence (priority) mechanisms 
• Congestion control mechanisms 
• Transportable reserve assets for reconstitution of damaged portions of the network 
• Infrastructure restoration and reconstitution 
• Multiple inter-network gateways 
• Personal reliability program for network managers 
• End-to-end network control (that does not depend on the network to operate) 
• Scalable infrastructure components 
• Repairability. 
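The two quantities defined earlier in this section, Minimum Assured Resiliency (the number of simultaneous worst-case disruptions the infrastructure can absorb while still meeting the Minimum Operating Capability) and Desired Resiliency (sustaining the Expected Disruptions while meeting the Normal Operating Capability), can be made concrete on a toy topology. The Python below is an added example written for this edit, not code from the report or from any DSB program. It assumes a constructed graph of switching nodes and two key subscriber sites, uses the surviving link capacity between the sites as the proxy for operating capability, and treats a disruption as the loss of a whole node. All names (build_topology, minimum_assured_resiliency, the nodes S1 through S4) are illustrative.

```python
"""Toy evaluator for 'Minimum Assured Resiliency' and 'Desired Resiliency'.
Added example, not from the DSB report.

Assumptions (illustrative, not from the page): the infrastructure is an
undirected graph of switching nodes and subscriber sites; each link carries
a capacity in arbitrary units; an operating capability is expressed as the
capacity that must survive between two key subscriber sites; a disruption
removes a whole node.  The topology is constructed for the example.
"""
from collections import deque
from itertools import combinations


def link(graph, a, b, capacity):
    """Add an undirected link with the given capacity in each direction."""
    graph.setdefault(a, {})[b] = capacity
    graph.setdefault(b, {})[a] = capacity


def max_flow(graph, src, dst, removed=frozenset()):
    """Edmonds-Karp maximum flow from src to dst, ignoring disrupted nodes."""
    if src in removed or dst in removed:
        raise ValueError("key subscriber sites are endpoints, not disruptable nodes")
    # Residual capacities over the surviving nodes only.
    residual = {u: {} for u in graph if u not in removed}
    for u in residual:
        for v, cap in graph[u].items():
            if v in residual:
                residual[u][v] = cap
    flow = 0
    while True:
        # Breadth-first search for a shortest augmenting path.
        parent = {src: None}
        queue = deque([src])
        while queue and dst not in parent:
            u = queue.popleft()
            for v, cap in residual[u].items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return flow  # no augmenting path left
        # Bottleneck along the path, then push that much flow.
        bottleneck = float("inf")
        v = dst
        while v != src:
            u = parent[v]
            bottleneck = min(bottleneck, residual[u][v])
            v = u
        v = dst
        while v != src:
            u = parent[v]
            residual[u][v] -= bottleneck
            residual[v][u] = residual[v].get(u, 0) + bottleneck
            v = u
        flow += bottleneck


def minimum_assured_resiliency(graph, src, dst, moc):
    """Largest k such that EVERY set of k simultaneous node disruptions still
    leaves at least `moc` capacity between src and dst.  'Worst case' means
    the check is exhaustive over node combinations.  Returns -1 if even the
    undisrupted network fails to provide the Minimum Operating Capability."""
    candidates = [n for n in graph if n not in (src, dst)]
    best = -1
    for k in range(len(candidates) + 1):
        if all(max_flow(graph, src, dst, frozenset(c)) >= moc
               for c in combinations(candidates, k)):
            best = k
        else:
            break
    return best


def desired_resiliency_met(graph, src, dst, noc, expected_disruptions):
    """Desired Resiliency: every anticipated disruption scenario (a set of
    nodes taken out together) still leaves the Normal Operating Capability."""
    return all(max_flow(graph, src, dst, frozenset(s)) >= noc
               for s in expected_disruptions)


def build_topology(redundant_access=False):
    """Constructed sample: key site A reaches key site B through a four-switch
    core.  Without the option, A has a single access link (to S1)."""
    g = {}
    for a, b, cap in [("A", "S1", 10), ("S1", "S3", 10), ("S1", "S4", 10),
                      ("S2", "S3", 10), ("S2", "S4", 10),
                      ("S3", "B", 10), ("S4", "B", 10)]:
        link(g, a, b, cap)
    if redundant_access:
        link(g, "A", "S2", 10)  # redundant network access link for a key subscriber
    return g


if __name__ == "__main__":
    scenarios = [{"S1"}, {"S3"}]  # constructed 'Expected Disruptions'
    for label, g in (("single access link", build_topology()),
                     ("redundant access link", build_topology(True))):
        print(label,
              "| capacity:", max_flow(g, "A", "B"),
              "| MAR at MOC=5:", minimum_assured_resiliency(g, "A", "B", 5),
              "| desired met at NOC=8:", desired_resiliency_met(g, "A", "B", 8, scenarios))
```

The exhaustive combination test is what makes the "worst-case" part of the definition honest, but it is exponential in the number of nodes; on a real network one would bound k or reason from minimum cuts instead. The sample also illustrates one entry from the strategy list above: adding a redundant access link for the key subscriber raises Minimum Assured Resiliency from 0 to 1 at a Minimum Operating Capability of 5, because no single node loss can then isolate site A.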

Successful implementation of information assurance will require a multi-disciplinary team 
capable of formulating a comprehensive set of requirements, knowledgeable of current and 
emerging technologies, capable of overseeing the design of the infrastructure from an 
information assurance perspective, and capable of managing the implementation of information 
assurance in the infrastructure. 
E.2 "Raise the Bar" Exercise 

It can be played two ways: 

• [...] take as a goal maximizing the protection of [...] 
and [decide] on what to spend it. 

• [...] make a list of [things] to do [...] and then 
estimate the cost to do them. 

Below are some options from which to select, but not a comprehensive or complete list by any 
[means]. 

1. [...] 

2. [As in 1,] except do it for all users in an operational entity; e.g., [...] 
air bases. 

3. Raise the level of effort in the USAF program (briefed to us) by a factor of 3 to get it done 
sooner; alternately, pick a different factor of speedup. 

4. [...] 

5. Implement [4] with a projected time-to-complete of X years. 

6. Industrial organizations who have had serious [...] 
appreciate the importance of protecting against [...]. 
[...] Mount an intensive [...]. 

7. Survey all installed information systems [...] 
tested, and made operational in (say) 18 months, and that the relevant operational staffs are also 
well informed and trained. 

8. Make the recently published NIST Handbook of computer security required reading for all 
personnel associated with the operations, maintenance, installation, design, procurement and 
upgrade of both hardware and software in key [or: all] information systems [Alternate: do this 
initially for all information systems based on COTS; but later, add the embedded systems as well]. 

Make this handbook also required reading for every training or educational course given to 
military personnel. 

9. Survey all acquisitions of information systems and computer-containing weapon systems now 
underway and take such steps as necessary to guarantee that up-front design consideration has 
been given to information assurance, netsec, infosec and opsec. 

10. Compile an inventory of all weapon systems that contain embedded computers and for each, 
define and characterize the line of responsibility, organization(s) and physical locations which 
support the deployed system. Hence, identify vulnerabilities and weak spots that might be 
exploited by an opponent; create plans to remedy these risks on a quick response basis. 

11. Survey all deployed weapon systems that are computer-based with especial attention to all 
phases of maintenance and upgrades of software and hardware and to daily operations. The 
object is to identify places and means by which subversive actions could be taken to degrade or 
perturb weapon performance. The level of effort might be such that candidates for this 
examination will need to be ranked in order of importance and operational vulnerability. 

12. As in item [11] but do for all support systems, whether CONUS or field deployed, that are 
not COTS-based but use specialized software and/or hardware. 

13. As in [12] but for COTS-based systems. 

14. Reconsider any/all of the prior suggestions from the point of view of likely geographic, 
cultural and infrastructure circumstances in which U.S. military forces might have to operate in 
the next (say) decade; e.g., SWA, Adriatic theater, mid-East, Korea. Object: to judge whether a 
different prioritization of effort would be suggested or warranted. 

15. Begin an assessment of the civilian-infrastructure aspect of the issue; e.g., identify the 
military bases essential for an OCONUS deployment and do so for several different durations of 
engagement (e.g., weeks, months, years). Identify for each the present arrangements for 
provision of electrical power, of other energy sources, of communications - especially telephone 
and PSN-based, and of off-base medical, personnel, or commissary requirements. 

16. As in [14], but for long-term overseas bases; e.g., Europe, Japan/Korea/Okinawa. 

17. Any/all of the above for the intelligence systems (sensors, ground stations, antenna farms, 
electronic establishments) rather than for the operational forces and the support structure. 
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APPENDIX F 
TECHNOLOGY ISSUES 



Technology recommendations made 
by the full Task Force are included in the basic report. 



TECHNOLOGY ISSUES 
FOR THE DSB TASK FORCE 
ON INFORMATION WARFARE DEFENSE 

SYSTEMS, ARCHITECTURE, AND TECHNOLOGY FOR SECURITY AND SURVIVABILITY 

- COTS INFORMATION SYSTEM TECHNOLOGY EVALUATION CAPABILITY 
- MATURITY MODELS 

MODELING, SIMULATION, TRAINING, AND EXERCISES 

- MODELING AND SIMULATION 

WARNING, MONITORING & SURVEILLANCE, AND DAMAGE ASSESSMENT 

- MONITORING AND SURVEILLANCE 

COMPREHENSIVE RESEARCH EFFORT 

The issues developed by the Technology Panel are presented as a set of key technology issues for 
Information Warfare Defense, which are grouped as shown. 
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SECURITY & SURVIVABILITY OF NEW AND 
EMERGING TECHNOLOGY 

• ISSUE: 

- SYSTEMS BASED ON CURRENT TECHNOLOGY ARE VULNERABLE 
DUE TO LACK OF ATTENTION TO SECURITY AND SURVIVABILITY 
DURING DESIGN AND DEVELOPMENT 

• RECOMMENDATIONS: 

- INCORPORATE INFORMATION SECURITY EARLY ON IN NEW 
INFORMATION SYSTEMS TECHNOLOGY DEVELOPMENT 

- DEVELOP AND MANDATE USE OF WIDELY ACCEPTED ROBUSTNESS 
STANDARDS (COOPERATIVELY DEVELOPED BY GOVERNMENT & 
COMMERCIAL INTERESTS) 

  • COMPONENTS 

  • INTERFACE STANDARDS 

  • POLICIES, PROCEDURES & PROCESSES 

    - COMPLIANCE ASSURANCE 

    - CONFIGURATION MANAGEMENT 

    - ADMINISTRATIVE OVERSIGHT 

  • OPERATIONAL TRAINING 

- REQUIRE VULNERABILITY & COUNTERMEASURE ANALYSIS DURING 
R&D AND SYSTEMS DEVELOPMENT 



SECURITY AND SURVIVABILITY OF NEW AND EMERGING TECHNOLOGY 

Current system vulnerabilities are due in part to lack of attention to security and survivability 
issues during design and development of computing and communicating technologies. Now that 
the collective vulnerability due to dependence on these technologies is recognized, it is equally 
important to recognize the need to address security and survivability concerns in the development 
of new technologies. Security and survivability must be treated as critical requirements in the 
conceptualization and development of new and emerging technologies. While new technology is 
in its earliest conceptual stages, there are unique opportunities to influence developments so as to 
minimize vulnerabilities and strengthen security. 

Information security needs to be incorporated early on in new information systems technology 
development. It is essential that the government and commercial developers of products for 
information systems cooperate in the evolution of common standards for robust products and 
practices. Information security and survivability should be incorporated early on in the 
development of new information systems. It is recommended that significant attention be given 
to stimulating and encouraging this process. Areas where commonality of robustness standards 
and practices should be pursued include: component hardware and software products; security 
interfaces; system management policies, procedures, and processes addressing such issues as 
compliance assurance, configuration management, administrative oversight, and robust systems 
operational training programs. 

Since a significant level of research in the information technology area is funded by the DoD, 
security and survivability should become required aspects of funded programs. In addition, a 
DoD funded research activity should be directed at vulnerability- and countermeasures-oriented 
analyses of new ideas and emerging technologies, and making the results widely available to the 
research community. 
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SURVIVABLE INFORMATION SYSTEMS 

• PRINCIPLES 

- FAULT TOLERANT SYSTEMS 

- TRUSTED SYSTEMS 

- ARCHITECTURE FOR SECURE DISTRIBUTED SYSTEMS WHICH CAN OPERATE WHILE UTILIZING 
INSECURE SUBNETS AND SUBSYSTEMS 

- CONSISTENCY MECHANISMS FOR DISTRIBUTED SYSTEMS 
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COTS INFORMATION SYSTEM TECHNOLOGY 
EVALUATION CAPABILITY 

• ISSUES: 

- THERE IS GROWING RISK OF VULNERABILITY DUE TO INCREASED RELIANCE 
ON COTS INFORMATION SYSTEM PRODUCTS; ROBUSTNESS & SECURITY 
FEATURES NOT GENERALLY A PRIORITY FOR VENDORS 

• RECOMMENDATIONS: 

- ESTABLISH FOR DoD A COTS INFORMATION SYSTEM TECHNOLOGY 
EVALUATION CAPABILITY TO: 

• IDENTIFY VULNERABILITIES, FIND WORKAROUNDS, AND DISSEMINATE RESULTS 

• HELP DoD BE AN INFORMED BUYER 

• UNDERSTAND RISKS AND HOW TO OPERATE IN FACE OF RISKS 

• SCREEN FOR VIRUSES 

• CONDUCT VULNERABILITY ANALYSES 

• DEVELOP MITIGATION TECHNIQUES FOR EXISTING PROBLEMS 

• EVALUATE INTEGRATED SECURITY ARCHITECTURES 

• PROVIDE RISK ASSESSMENT/ADVISORY SERVICES TO USERS/SYSTEM DEVELOPERS 

• PROVIDE INFORMAL RANKINGS OF COTS INFORMATION TECHNOLOGY PRODUCTS 
TO CREATE A MARKET INCENTIVE FOR VENDORS TO IMPROVE THEIR PRODUCTS 

- DEVELOP LONG RANGE PLAN TO MIGRATE TO A NATIONAL CAPABILITY 

• Note - This is an open-ended problem because the number of COTS products is 
growing rapidly. Funding is identified to develop the basic capability; application 
of it would be distributed. 



COTS INFORMATION SYSTEM TECHNOLOGY EVALUATION CAPABILITY 

Economic pressures are driving the DoD toward use of COTS information systems technology, 
rather than custom mil-spec systems. Unfortunately manufacturers are not motivated to develop 
defensive IW features in their products, since commercial customers generally are not demanding 
them, and such features typically impact performance. Thus the DoD must take special measures 
to insure that the COTS approach provides adequate DIW protection for DoD applications. 
It is recommended that a COTS information system technology evaluation capability be 
established within the DoD, in order to characterize vulnerabilities in COTS products, and to 
develop means for dealing with their deficiencies. Basic DIW performance/certification criteria 
should be developed, focusing initially on DoD needs but conforming to best commercial 
practices insofar as possible. A major long term goal is to foster collaboration with the 
commercial marketplace, and plans should be developed to migrate toward a national joint 
DoD/commercial technology evaluation capability, rather than unilaterally setting rigid DoD 
requirements that ultimately will be resisted or ignored by industry. This organization or set of 
organizations should identify product vulnerabilities, discover workarounds, and disseminate the 
results. The idea is to understand the risks and learn to operate in the face of them. Currently 
many DoD organizations would have to analyze these products themselves; a central facility 
would leverage scarce expertise and save money. Such a center could serve a role like a 
"Consumer's Union," and informal rankings of products could be provided, which could act as 
a spur to vendors to improve their products. 

R&D is needed, preferably with joint government/industry support and working with both the 
offensive and defensive IW communities, to develop means for identifying product 
vulnerabilities to both established and emerging threats, disseminating information on such 
weaknesses, and developing corrective measures. Such a technology evaluation center should 
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also provide risk assessment/advisory services to system developers and users, perhaps based on 
the current Internet model of cooperation. 

Note - Implementation of this recommendation is not trivial. The intent is to develop the 
... incorporated into a DoD system, the capability must have been 
... pay for their system for test. The funding proposed is only for development of the 
capability. 



MATURITY MODELS 

• ISSUE: 

- LACK OF CAPTURE AND PROMOTION OF BEST SECURITY PRACTICES 
TO GUIDE ROBUSTNESS IMPROVEMENT IN SYSTEM ACQUISITION, 
ENGINEERING, AND MANAGEMENT 

• RECOMMENDATIONS: 

- DEVELOP MATURITY MODELS FOR ROBUSTNESS AND SECURITY 
(BUILD ON SOFTWARE & SYSTEM ENGINEERING MATURITY MODELS) 

- EXTEND ACQUISITION MATURITY MODEL TO INCLUDE PRACTICES 
FOR IMPROVING ROBUSTNESS OF ACQUIRED SYSTEMS 

- DEVELOP MATURITY MODEL FOR SYSTEM MANAGEMENT PRACTICES 

- RECOGNIZE SYSTEM MANAGEMENT AS A READINESS ISSUE 

- DEVELOP ASSESSMENT METHODS TO SUPPORT EACH MODEL 

- INCLUDE "RED-TEAMING" OF THE MATURITY MODELS 

- DEVELOP TOOLKITS TO AID IMPLEMENTATION OF PRACTICES 
DEFINED BY THE MODELS 

- APPLY MODELS TO ASSESS THE MATURITY OF THE CRITICAL 
NATIONAL INFRASTRUCTURE (E.G., TELECOMMUNICATIONS, ENERGY 
DISTRIBUTION, TRANSPORTATION, ETC.) 



MATURITY MODELS 

The trend toward increased use of commercial off-the-shelf software, open systems and wide 
area networks, is placing the information assets of many organizations at risk. These 
organizations may not be aware of the risks associated with these new environments, and may 
not be aware of the key engineering and network management practices that can be used to 
mitigate the risks. Acquisition and engineering managers lack comprehensive models and 
analytic techniques to evaluate the impact of architectural and other design choices on system 
robustness before major implementation investments have been made. Once networked systems 
are placed into operation, network operators often depend on practices and tools that were 
developed to assure the integrity of proprietary networks that had limited external connectivity 
and that were based on custom-designed software. Integrity assurance techniques developed for 
these restricted environments are not adequate for open, wide area networks or for an 
environment characterized by rapidly changing technologies and threats, and are typically 
focused on classical security issues. 

Organizations that acquire and operate networked systems are in need of models, guidelines and 
tools that are effective at helping them acquire and operate systems that are highly resistant to 
attack, that are able to limit the damage from successful attacks, and that are capable of rapid 
recovery from attack. As missions, technology and threats evolve, these organizations also need 
system robustness assessment methods that allow them to adapt to the changing environment. 
Models, methods, and tools should be developed and refined concurrently to insure that 
management practices are aligned with the technology that supports them. The areas indicated 
below should be addressed. 
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Robustness Engineering Models 

It is recommended that existing Software and Systems Engineering Capability Maturity Models 
be extended to describe the key engineering practices and technologies needed to allow ... 
attributes of the delivered systems. 

Robust Systems Acquisition Maturity Model 

It is recommended that the existing acquisition maturity model be extended to provide 
descriptions of the key practices acquisition organizations should follow to improve the 
... custom software, and specifies the use of robustness evaluation for off-the-shelf software. 

Survivable Network Management Model 

... information systems. Management and validation of information systems must be given the 
... threat. 

But more than a Network Management Model is needed. Automated tools are needed which will 
allow the ... management of large, complex, heterogeneous networks, with automated 
... of an organization's survivability and security management models. 

Robustness Assessment Methods 

It is recommended that robustness assessment methods be designed to allow an organization, 
..., to analyze its practices against each of the system robustness 
..., ... current state and developing robustness/survivability 
improvement strategies and plans. The assessment methods must: 
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- be suitable for self-assessment; 

- yield detailed results that tell an organization where it is, where it should be, and how to 
get there; 

- take advantage of a knowledge base that tracks threats and vulnerabilities; and 

- be self-tailoring to the organization being assessed. 

Robustness Improvement Toolkits 

It is recommended that robustness improvement toolkits be developed that provide the tools 
needed to support the assessment methods and the key practices defined by the models. Tools 
must be structured to encapsulate knowledge of system robustness practices to leverage scarce 
human resources in order to help people understand which tools to use for what purposes, and 
promote commercialization of the tools and a community of vendors to extend and maintain 
them over time. 

As these models and practices evolve, it is recommended that they be applied to and evaluated 
for effectiveness against critical elements of the national, information-dependent infrastructure, 
such as energy distribution, telecommunications, and transportation systems. 
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TRAINING OF SYSTEM AND NETWORK ADMINISTRATORS 

- ... ADMINISTRATORS TO FORM SKILLED CADRE 

- ESTABLISH RECOGNIZED CAREER PATH 

  • CRITERIA FOR SELECTION AND CERTIFICATION 

- DEVELOP INFRASTRUCTURE FOR SECURITY TRAINING 

  • TECHNIQUES, CURRICULUM, TOOLS, TEST BEDS 
  • EXPLOIT SIMULATION TECHNOLOGY 


MODELING AND SIMULATION 

• ISSUE: 

- CURRENT MODELING AND SIMULATION EFFORTS DO NOT INCLUDE ... 

• RECOMMENDATIONS: 

- ... MODELING AND SIMULATION ... 

- ... CONCURRENT ... AND TRAINING, AND IW GAMING 

- ... 

- ... CURRENT DISTRIBUTED INTERACTIVE SIMULATION 
EFFORTS (COORDINATE WITH DMSO) 
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RED TEAMING 

ISSUE: 

- DIW RED TEAMS ARE NOT USED ROUTINELY IN OPERATIONS & EXERCISES 

RECOMMENDATIONS: 

- ... DIW TECHNOLOGY AND STRATEGY DEVELOPMENT PROCESS 

  • ... PROPERLY-CONSTITUTED RULES OF 
  ENGAGEMENT TO AVOID UNNECESSARY DAMAGE/DISRUPTION 

  • ... ROBUSTNESS ENGINEERING AS WELL AS IW 
  ... 

  • PROVIDE VULNERABILITY ANALYSIS TO THE ANTI-RED TEAM 

  • SPECTRUM OF ATTACK SHOULD INCLUDE: 

    - DECEPTION, DESTRUCTION, CORRUPTION, AS WELL AS EXPLOITATION 

  • ... METHODOLOGIES IN ADDITION TO APPLYING KNOWN ... 

- DEVELOP ANTI-RED TEAM TACTICS/SOPS 

- MUST DISTINGUISH RED TEAM PENETRATIONS FROM REAL PENETRATIONS 



RED TEAMING 



Red Teaming is an essential component of the DIW strategy and technology development 
process, but it is recommended that the concept be extended to include vulnerability analyses as 
well as carefully planned attacks during experimental activities in controlled testbeds and during 
training/planning exercises. The Red Team exercises should be conducted under proper rules of 
engagement to avoid unnecessary damage or disruption to information systems. The 
... perform robustness engineering 
and to plan for fighting the Information War during the exercises as well as during operations. 
... developing methodologies in addition to reuse and 
application of current attacker techniques. For example, attacks should be designed which 
... features, which must be assumed known to a sophisticated 
attacker. In formulating these attack strategies, models should first be developed for system 
vulnerability and its likely defenses, and these models should be exploited in the attack 
strategies. Vulnerability analyses and Red Team attacks should be conducted at the application 
and system level, as well as at the subsystem level, with the goal of uncovering how ... 
... sensors and communication assets), and how supporting communication links, or specific 
computers and network nodes can be compromised. 

In addition to Red Teams, it is recommended that Anti-Red Teams (DIW Teams) be formed and 
tasked to prepare for and fight Red Team attacks. These activities will provide the basis for 
developing strategies and tools for use during operations to detect and respond to Information 
Warfare attacks. The Anti-Red Team should also be charged with providing input to system 
designers and builders to assure the incorporation of robustness features. Network managers 
should be included as part of the DIW teams to assure that damage containment and service 
restoral techniques are effectively exercised as part of the counter-... 
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COORDINATION AMONG OFFENSIVE IW, 
DEFENSIVE IW, AND INTELLIGENCE 

• ISSUE: 

- LACK OF INFORMATION SHARING ... 
... IMPROVED THROUGH DYNAMIC INTERPLAY AMONG OFFENSE, DEFENSE, AND 
... 

- ... COORDINATION 

• RECOMMENDATIONS: 

- PROMOTE DYNAMIC INTERPLAY AMONG OFFENSIVE IW, DEFENSIVE IW, AND INTELLIGENCE 

- ... TO PLAY A ... 
INFORMATION 



COORDINATION AMONG OFFENSIVE IW, DEFENSIVE IW, AND INTELLIGENCE 

To avoid unnecessary vulnerability, ... support a continuing, dynamic 
dialogue and interplay among the offensive, defensive, ... New vulnerability discoveries and attack 
... activity should ... vulnerability assessments of emerging defensive 
techniques on the one hand, ... 
techniques and technologies on the other hand. 

To provide an objective ... for facilitating and coordinating this dynamic interplay, an 
independent "ORANGE" team could ... of vested interests on either the 
offensive, defensive, or ... also play the role of umpire and 
objective score keeper in ... war gaming activities. In general, 
this type of 3-way interaction will ... better understanding of the fundamental exploitable 
flaws typically occurring in system and communication software, distributed system architecture, 
communications infrastructure, and system management policies and procedures. This will also 
lead to new tools to address these particular areas of weakness, such as a tool for scanning 
developmental software to uncover design and/or implementation flaws, and leading ultimately 
to more reliable, robust end products. 
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NATIONAL CAPABILITY FOR IW INDICATIONS AND WARNING 

... damage occurs. 

... capable of continuously gathering ... as well as commercial infrastructure ... 
be charged with searching for and detecting early signs and patterns ... coordinated attack 
and providing warnings to U.S. government and private sector .... Towards that end, a phased 
approach is recommended, beginning with a ... organization which is scalable and extensible, 
and evolving towards a pan-government ... organization. Roles of the organization should 
include gathering and ... information ... and acting as a clearing house to ... and responses 
from the community. The center should also act as focal point for ... techniques and tools 
for attack detection and .... ... pilot program, an interconnection of existing DoD emergency 
response centers should be considered. 
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MONITORING AND SURVEILLANCE 

• ISSUE: 

- TECHNOLOGY TO MEASURE AND MONITOR PENETRATIONS AND 
WIDE SCALE ATTACKS ON THE NII IS INADEQUATE 

• RECOMMENDATIONS: 

- DEVELOP AUTOMATED, DISTRIBUTED, COLLABORATIVE 
MONITORING AND SURVEILLANCE STRATEGY 

- ESTABLISH BROAD-BASED R&D EFFORT TO: 

• CREATE TOOLS TO FILTER NETWORK AUDIT DATA 

• CREATE TOOLS TO DISCRIMINATE BETWEEN NORMAL AND ABNORMAL 
BEHAVIOR, EASILY EXTENDIBLE FOR CHANGING THREATS 

• DEVELOP AUTOMATED, DISTRIBUTED, COOPERATIVE TECHNIQUES FOR 
CORRELATING AND EXPLOITING DATA ACROSS MULTIPLE SITES 

- DEVELOP, EVALUATE AND TRANSITION INTRUSION DETECTION 
TECHNOLOGY TO CRITICAL INFRASTRUCTURE SYSTEMS 

• DEVELOP TECHNIQUES FOR AND INVESTIGATE USE OF COOPERATING 
INTRUSION DETECTION SYSTEMS IN LARGE HETEROGENEOUS 
NETWORKS 

• DEVELOP ANALYSIS AND EVALUATION TECHNIQUES FOR INTRUSION 
DETECTION SYSTEMS 

• DEVELOP MODELS TO CHARACTERIZE IW ATTACKS 

• DEVELOP TECHNIQUES FOR AUTOMATED RESPONSE TO IW ATTACKS 



MONITORING AND SURVEILLANCE 

Current technology to detect, monitor and characterize local penetrations and wide scale attacks 
on the National Information Infrastructure (NII) is inadequate. A wide scale, coordinated, 
multi-faceted IW attack on the national information-dependent infrastructure represents a major 
distributed measurement and analysis challenge. In order to detect attacks of such scale and 
likely degree of subtlety, it will be necessary to extract and correlate data across many sites, since 
measurements at any single site may not be sufficient to reveal the emerging overall pattern. The 
types of attack mounted may involve techniques and degrees of sophistication beyond simple, 
standard intrusion detection tactics. 

It is recommended that an investment be made in developing a distributed monitoring and 
surveillance strategy for large scale networks, along with an associated set of supporting network 
architectural and instrumentation principles. Further, it is recommended that a broad based 
research and development effort be established to develop: 1) flexible, field modifiable, trainable 
tools to leverage human network and security administrators in filtering network audit data, 
discriminating between normal and abnormal behavior, and recognizing network attacks; 2) 
applied pattern recognition techniques (e.g., statistical model based, or neural net) capable of 
adaptation, learning and coping with temporal pattern sequences; and 3) techniques and strategies 
for automated, collaborative, distributed pattern recognition and problem solving, supporting the 
correlation and exploitation of data gathered across multiple sites in a large scale network. 

There is a critical need to develop, evaluate and transition intrusion detection technology and 
methodology to critical infrastructure systems, in particular telecommunication systems. To meet 
this need it is recommended that significant R&D efforts be focused in 1.) development and 
investigation of techniques for cooperative intrusion detection in large scale heterogeneous 
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networks ... of services, 
... in realistic scenarios and testbeds. 
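The cross-site correlation this section calls for, as an added Python illustration that is not part of the report: each site screens its own constructed audit records against a local threshold, while a central correlator looks for one source touching several sites inside a short window, a pattern no single site's threshold would reveal. Site names, addresses, thresholds and the line format are assumptions made for the example.

```python
"""Added example, not from the DSB report: per-site anomaly screening versus
central cross-site correlation over constructed audit records. Site names,
source addresses (documentation ranges), thresholds and the
'site|time|src|event' line format are all constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple


class AuditRecord(NamedTuple):
    site: str        # reporting site
    ts: datetime     # event time, assumed already normalised to one clock
    src: str         # source address as logged
    event: str       # coarse event class ("auth_fail", "port_probe", ...)


# Constructed audit lines from four sites. 198.51.100.7 touches each site only
# once (quiet everywhere); 203.0.113.5 hammers site-A; 192.0.2.10 is a repeat
# visitor to two sites; 198.51.100.9 touches three sites hours apart.
SAMPLE_LINES = [
    "site-A|2024-03-04T02:00:00|198.51.100.7|auth_fail",
    "site-B|2024-03-04T02:03:00|198.51.100.7|auth_fail",
    "site-C|2024-03-04T02:06:00|198.51.100.7|auth_fail",
    "site-D|2024-03-04T02:09:00|198.51.100.7|auth_fail",
    "site-A|2024-03-04T01:00:00|198.51.100.9|port_probe",
    "site-B|2024-03-04T05:00:00|198.51.100.9|port_probe",
    "site-C|2024-03-04T09:00:00|198.51.100.9|port_probe",
    "site-A|2024-03-04T03:00:00|192.0.2.10|auth_fail",
    "site-A|2024-03-04T03:01:00|192.0.2.10|auth_fail",
    "site-B|2024-03-04T03:02:00|192.0.2.10|auth_fail",
    "site-B|2024-03-04T03:03:00|192.0.2.10|auth_fail",
] + [f"site-A|2024-03-04T04:{m:02d}:00|203.0.113.5|port_probe" for m in range(6)]

PER_SITE_THRESHOLD = 5          # events from one source before a site reacts
WINDOW = timedelta(minutes=10)  # correlation window at the central point
MIN_SITES = 3                   # distinct sites inside WINDOW to raise an alert


def parse_audit_line(line: str) -> AuditRecord:
    """Parse one 'site|ISO-8601 time|src|event' line of the constructed format."""
    site, ts, src, event = (f.strip() for f in line.split("|"))
    return AuditRecord(site, datetime.fromisoformat(ts), src, event)


def site_anomalies(records: List[AuditRecord], threshold: int) -> Dict[str, List[str]]:
    """Local view: each site counts events per source against its own threshold.
    Returns {site: sorted sources over threshold}."""
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for r in records:
        counts[(r.site, r.src)] += 1
    flagged: Dict[str, List[str]] = defaultdict(list)
    for (site, src), n in counts.items():
        if n > threshold:
            flagged[site].append(src)
    return {site: sorted(srcs) for site, srcs in flagged.items()}


def correlate_across_sites(records: List[AuditRecord], window: timedelta,
                           min_sites: int) -> Dict[str, List[str]]:
    """Central view: for each source, slide a time window over its events and
    count distinct sites; report sources reaching min_sites within one window.
    Returns {src: sorted sites in the widest qualifying window}."""
    by_src: Dict[str, List[AuditRecord]] = defaultdict(list)
    for r in records:
        by_src[r.src].append(r)
    hits: Dict[str, List[str]] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda r: r.ts)
        best: Set[str] = set()
        lo = 0
        for hi in range(len(evs)):
            while evs[hi].ts - evs[lo].ts > window:
                lo += 1
            sites = {e.site for e in evs[lo:hi + 1]}
            if len(sites) >= min_sites and len(sites) > len(best):
                best = sites
        if best:
            hits[src] = sorted(best)
    return hits


def local_view() -> Dict[str, List[str]]:
    return site_anomalies([parse_audit_line(ln) for ln in SAMPLE_LINES], PER_SITE_THRESHOLD)


def central_view() -> Dict[str, List[str]]:
    return correlate_across_sites([parse_audit_line(ln) for ln in SAMPLE_LINES], WINDOW, MIN_SITES)


if __name__ == "__main__":
    print("per-site view:", local_view())    # only the noisy 203.0.113.5 at site-A
    print("central view:", central_view())   # 198.51.100.7 across four sites
```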
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DAMAGE ASSESSMENT 

ISSUE: 

- DAMAGE ASSESSMENT TECHNIQUES ARE INADEQUATE AND 
LEAD TO OVER OR UNDER REACTION TO INFORMATION WARFARE 

RECOMMENDATIONS: 

- ... DAMAGE ASSESSMENT TECHNIQUES 
/MEASURES THAT ASSESS LOST INFORMATION AND SERVICES AND 
CORRUPTED INFORMATION OR SOFTWARE SERVICES, AND 

- DEVELOP TOOLS TO SUPPORT ASSESSMENT TECHNIQUES 

• DEVELOP MULTIPLE LEVELS OF DAMAGE ASSESSMENT TOOLS - 
APPLICATION, DATA, MIDDLEWARE, NETWORKS 

• DEVELOP SECURE LOGGING TOOLS 

• DEVELOP TOOLS THAT IDENTIFY: 

- SCOPE & TIME FRAMES OF INTRUSIONS 

- FAULT/INTRUSION LOCATIONS 

- SCOPE, TIME FRAME AND IMPACT OF SERVICE LOSSES 

- CORRUPTED DATA AND SOFTWARE 

- DATA, SOFTWARE, AND SYSTEMS WHICH ARE INTACT 



DAMAGE ASSESSMENT 



In order to determine the appropriate response for a detected attack, it is important to correctly 
assess the associated damage. Failure to correctly assess damage could lead to costly over 
reaction (e.g. removing operational systems from service and/or unnecessarily rebuilding 
software and data bases), or dangerous under reaction (e.g., attempts to continue operations with 
... 
extent and nature of damage associated with information warfare attacks. 

It is recommended that research and associated tool development be pursued with the objective 
of producing acceptable measures and techniques for damage assessment of both technical 
and business assets. These tools need to be able to assess damage at multiple levels from 
application to networks, and to coalesce the results of the assessments at these levels. It is also 
recommended that secure logging tools and standard instrumentation packages for damage 
assessment be developed, which can be provided to all DoD sites where they are ... 
Attention will have to be paid to adequately protecting such logs from tampering by an intruder. 
... asset assessment to locate fault/intrusion sites for containment and purging. 

An important sub-problem in damage assessment is to identify information system components 
which remain undamaged and operational. Those components must be used to continue 
operations, as well as to help in the damage assessment process. Reliable damage assessment 
methods are needed for the information warfare communities and for other government and 
business interests, for a wide range of threats. 
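The tamper-resistant logging this section asks for, as an added Python illustration that is not part of the report: a hash-chained log whose head hash is periodically checkpointed off-host, with a verifier that tells an assessment team which entries are still intact and where the damage begins. The entries, the checkpoint schedule and the tampering patterns are constructed assumptions.

```python
"""Added example (not the report's): a hash-chained audit log whose head hash is
checkpointed off-host, so damage assessment can detect a rewritten log and bound
which entries remain intact. Entries and checkpoints are constructed."""
import hashlib
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # fixed public starting value of every chain


def link(prev_hash: str, entry: str) -> str:
    """Each link commits to the previous link, hence to all earlier entries."""
    return hashlib.sha256(f"{prev_hash}\n{entry}".encode("utf-8")).hexdigest()


class ChainedLog:
    """Append-only log; hashes[i] covers entries[0..i]."""

    def __init__(self) -> None:
        self.entries: List[str] = []
        self.hashes: List[str] = []

    def append(self, entry: str) -> None:
        prev = self.hashes[-1] if self.hashes else GENESIS
        self.entries.append(entry)
        self.hashes.append(link(prev, entry))

    def checkpoint(self) -> Tuple[int, str]:
        """(length, head hash) sent off-host, out of an intruder's reach."""
        return len(self.hashes), self.hashes[-1]


def verify(entries: List[str], hashes: List[str],
           checkpoints: List[Tuple[int, str]]) -> Tuple[int, str, Optional[int]]:
    """Return (trusted_prefix, verdict, suspect_index).
    Entries before trusted_prefix recompute correctly AND are covered by a
    matching off-host checkpoint; anything after the last matching checkpoint is
    not trusted, since a host-level intruder can rewrite an entry and recompute
    every later link. verdict is "ok", "chain_break", "checkpoint_mismatch" or
    "truncated"; suspect_index is where damage was first observed."""
    expected: Dict[int, str] = dict(checkpoints)
    prev, last_good = GENESIS, 0
    for i, (entry, stored) in enumerate(zip(entries, hashes)):
        if link(prev, entry) != stored:
            return last_good, "chain_break", i          # stale hash: naive edit
        if i + 1 in expected:
            if expected[i + 1] != stored:                # links were recomputed
                return last_good, "checkpoint_mismatch", last_good
            last_good = i + 1
        prev = stored
    if any(n > len(entries) for n in expected):
        return last_good, "truncated", len(entries)      # tail deleted
    return last_good, "ok", None


# Constructed entries standing in for one host's audit records.
SAMPLE_ENTRIES = [
    "02:00:01 sshd: accepted publickey for ops from 192.0.2.10",
    "02:00:05 sudo: ops ran /usr/bin/systemctl restart web",
    "02:01:10 sshd: accepted password for svc from 198.51.100.7",
    "02:01:12 sudo: svc ran /bin/sh",
    "02:01:30 kernel: module loaded: netfilter",
    "02:02:00 cron: nightly backup started",
]
BENIGN_LINE = "02:01:12 sudo: svc ran /usr/bin/uptime"


def build_log() -> Tuple[ChainedLog, List[Tuple[int, str]]]:
    """Write the sample entries, checkpointing off-host after entries 3 and 6."""
    log, cps = ChainedLog(), []
    for n, e in enumerate(SAMPLE_ENTRIES, start=1):
        log.append(e)
        if n in (3, 6):
            cps.append(log.checkpoint())
    return log, cps


def assess(tamper: str) -> Tuple[int, str, Optional[int]]:
    """Run verify() on the sample log after one constructed tampering pattern:
    'none', 'naive' (entry 4 replaced, hashes untouched), 'recomputed' (entry 3
    replaced and every later link recomputed), or 'truncated' (last two dropped)."""
    log, cps = build_log()
    entries, hashes = log.entries, log.hashes
    if tamper == "naive":
        entries[4] = BENIGN_LINE
    elif tamper == "recomputed":
        entries[3] = BENIGN_LINE
        prev = hashes[2]
        for i in range(3, len(entries)):
            hashes[i] = prev = link(prev, entries[i])
    elif tamper == "truncated":
        entries, hashes = entries[:4], hashes[:4]
    return verify(entries, hashes, cps)


if __name__ == "__main__":
    for pattern in ("none", "naive", "recomputed", "truncated"):
        print(pattern, "->", assess(pattern))
```

Only the checkpoint that left the host localises a recomputed chain, so the granularity of "where the damage begins" is set by how often checkpoints are shipped.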
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MINIMUM ESSENTIAL INFORMATION INFRASTRUCTURE (MEII) 

RECOMMENDATIONS: 

- DEFINE A CONCEPT FOR A MEII 
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- CONDUCT PROTOTYPE MEII EXERCISES 
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... sources as possible and as needed. ... connected to 
... The concept should consider the ... network for use in 
... an organization like NS... in 
cooperation with the DoD. 
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COMPREHENSIVE RESEARCH EFFORT 

• ISSUES: 

- A COMPREHENSIVE, UNIFIED R&D EFFORT IS NEEDED IN ARCHITECTURE, ANALYSIS, AND 
SYNTHESIS OF SURVIVABLE INFORMATION SYSTEMS, SIMILAR TO THE EARLIER 
INVESTMENT WHICH ESTABLISHED U.S. PREEMINENCE IN CRYPTOGRAPHY 

- PREVIOUS R&D EFFORTS HAVE FOCUSSED SEPARATELY ON SPECIFIC AREAS (E.G., 
COMPUTER SECURITY, ENCRYPTION, OPERATING SYSTEMS) 

• RECOMMENDATIONS: 

- ESTABLISH A COMPREHENSIVE RESEARCH EFFORT TO SIGNIFICANTLY ADVANCE THE 
STATE-OF-THE-ART IN THEORY, ANALYSIS, & SCIENCE FOR HIGH ASSURANCE SYSTEMS 

• DEVELOP RIGOROUS MATHEMATICAL APPROACHES FOR ANALYZING AND SYNTHESIZING COMPLEX 
INFORMATION SYSTEMS 

• DEVELOP ADVANCED MODELLING & ANALYSIS TECHNIQUES BUILDING UPON, BUT EXTENDING 
BEYOND, PRIOR RESEARCH IN FORMAL METHODS: INCLUDE A FOCUS ON FORMAL METHODS WHICH 
CAN CROSS LAYERS OF ABSTRACTION IN A LARGE-SCALE SYSTEM DESIGN 

• DEVELOP TECHNIQUES FOR SYSTEM SYNTHESIS, AND FOR PREDICTING AND EVALUATING 
PERFORMANCE; INCLUDE FORMAL APPROACHES TO DESIGN OF APPROPRIATE SYSTEM TESTS 

- ESTABLISH A BROAD-BASED R&D EFFORT FOCUSSED ON THE DESIGN, MONITORING, AND 
MANAGEMENT OF LARGE SCALE DISTRIBUTED SYSTEMS, INCLUDING: 

• ARCHITECTURES, DESIGN TOOLS, & METHODOLOGIES FOR ROBUST SURVIVABLE DISTRIBUTED 
SYSTEMS 

• TECHNIQUES & TOOLS FOR MONITORING & MANAGING LARGE-SCALE DISTRIBUTED/NETWORKED 
SYSTEMS 

• TECHNIQUES FOR DETECTING LOCAL OR LARGE-SCALE ATTACKS, AND FOR ADAPTATION TO 
SUPPORT GRACEFUL DEGRADATION 

• TESTBEDS AND SIMULATION-BASED MECHANISMS FOR EVALUATING EMERGING DIW TECHNOLOGY 
AND TACTICS 

- INCENTIVIZE INDUSTRY AND ACADEMIA TO PARTICIPATE IN BROAD-BASED R&D EFFORTS 

- ESTABLISH A CROSS-GOVERNMENT EFFORT TO COORDINATE DIW RESEARCH AND 
DEPLOYMENT EFFORTS 



COMPREHENSIVE RESEARCH EFFORT 

The development of robust survivable distributed systems resistant to information warfare attack, 
as well as other types of failure, requires major advances in theory, modeling and technology, and 
the combined efforts of a vigorous research community embracing academia, industry and 
government. Prior R&D efforts have focused on specific areas, such as computer and network 
security, encryption technology, operating system environments with multi-level security 
features, and coping with benign network outages caused by single node failures, etc. Little 
attention has been paid to the ab initio design and implementation of systems capable of 
surviving willful malicious attack, or detecting and tolerating corrupted software. Even less 
attention has been paid to the non-ab-initio case, where the system must incorporate legacy 
subsystems which are not under the designer's control. A comprehensive research effort is 
required, similar to the earlier investment in cryptographic theory, higher mathematics and 
associated technology, which led to U.S. preeminence in cryptography. The area of robust 
survivable systems offers an opportunity for a unifying theme to constitute a broad-based 
research effort covering the full range of 6.1, 6.2, 6.3 research, to stimulate fresh and/or 
revolutionary ideas and comprehensive problem solutions. 

A fundamental and essential underpinning of any proposed technology base for designing and 
implementing large scale, robust, survivable distributed systems is a science and associated suite 
of design technologies for high-confidence/high assurance systems. Ideally such a set of tools 
would afford designers and implementers a means for describing, constructing and verifying the 
anticipated behavior of a complex system at all levels of abstraction. These design technologies 
must be capable of capturing behavioral descriptions, system properties and design descriptions 
in ways which enable the timely creation and performance validation of a given system 
implementation. Such a capability is needed because it is impossible to either anticipate or 
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of computer networks. 
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APPENDIX G 



LIST OF ACRONYMS 



ABIS          Advanced Battlefield Information System 
ACTD          Advanced Concepts Technology Demonstration 
Active X      See Appendix G, Glossary 
Arch          Architecture 
ASD(C3I)      Assistant Secretary of Defense for Command, Control, Communications and Intelligence 
ATD           Advanced Technology Demonstration 
C2            Command and Control 
C3            Command, Control and Communications 
C3I           Command, Control, Communications and Intelligence 
C4I           Command and Control, Communications, Computer Intelligence 
C4ISR         Command and Control, Communications, Computer Intelligence, Surveillance and Reconnaissance 
CDR           Commander (USN designation of rank) 
CIA           Central Intelligence Agency 
CINC          Commander in Chief 
CIO           Chief Information Officer 
CIP           Critical Infrastructure Protection 
CJCS          Chairman, Joint Chiefs of Staff 
Conv.         Conventional 
CONUS         Continental United States 
Coord.        Coordination 
CSA           CINCs/Service/Agencies 
CSAAS         Combat Support Agency Assessment System 
CSPAR         CINCs Preparedness Assessment Report 
Ctr           Center 
DASD          Deputy Assistant Secretary of Defense 
DCI           Director of Central Intelligence 
DEPSECDEF     Deputy Secretary of Defense 
Des           Design 
DIA           Defense Intelligence Agency 
DII           Defense Information Infrastructure 
DIS           Defense Investigative Service 
DISA          Defense Information Systems Agency 
DoC           Department of Commerce 
DoD           Department of Defense 
DoDD          Department of Defense Directive 
DoE           Department of Energy 
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DoJ           Department of Justice 
DoT           Department of Transportation 
EEI           Essential Elements of Information 
FBI           Federal Bureau of Investigation 
FEMA          Federal Emergency Management Agency 
GAO           Government Accounting Office 
GII           Global Information Infrastructure 
HUMINT        Human Intelligence 
I&W/TA        Indication and Warning/Threat Assessment 
IC            Intelligence Community 
Info.         Information 
Intel         Intelligence 
IT            Information Technology 
IW            Information Warfare 
IW-D          Information Warfare-Defense 
JAVA          See Appendix G, Glossary 
JWAC          Joint Warfare Analysis Center 
MEII          Minimum Essential Information Infrastructure 
MilDeps       Military Departments 
NCS           National Communications System 
NEC           National Economic Council 
NII           National Information Infrastructure 
NRC           National Research Council 
NSA           National Security Agency 
NSC           National Security Council 
NSIE          Network Security Information Exchange 
NSTAC         National Security Telecommunications Advisory Board 
Nuc.          Nuclear 
OCONUS        Outside of CONUS 
Off           Office 
OMB           Office of Management and Budget 
Ops           Operations 
OSTP          Office of Science and Technology Policy 
OUSD(A&T)     Office of the USD(A&T) 
OUSD(P)       Office of the USD(P) 
Plan  Planning
PSA  Principal Staff Assistant
PSN  Public Switched Network
Ret.  Retired
SECDEF  Secretary of Defense
SORTS  Status of Resources and Training System
TOR  Terms of Reference
Treas  Department of the Treasury
U.S.  United States
USAF  United States Air Force
USD(A&T)  Under Secretary of Defense for Acquisition and Technology
USD(C)  Under Secretary of Defense (Comptroller)
USD(P&R)  Under Secretary of Defense for Personnel and Readiness
USD(P)  Under Secretary of Defense for Policy
USN  United States Navy
VADM  Vice Admiral
WARM  War-time Mode
APPENDIX H 
GLOSSARY 



Unless otherwise indicated, definitions are taken from the DOD Dictionary of Military and 
Associated Terms (Joint Pub 1-02), 23 March 1994. The DOD Dictionary is mandatory for use by 
the Office of the Secretary of Defense, the Military Departments, the Joint Staff, the combatant 
commands, and the Defense agencies. Terms approved for both DOD and NATO use are marked 
with an asterisk within parentheses, i.e., (*). Other sources are indicated by brackets, e.g., 
[CJCSI 3210.01, 1996]. 
acoustic warfare—Action involving the use of underwater acoustic energy to determine, 
exploit, reduce, or prevent hostile use of the underwater acoustic spectrum and actions which 
retain friendly use of the underwater acoustic spectrum. There are three divisions within acoustic 
warfare: 1. acoustic warfare support measures—That aspect of acoustic warfare involving 
actions to search for, intercept, locate, record, and analyze radiated acoustic energy in water for the 
purpose of exploiting such radiations. The use of acoustic warfare support measures involves no 
intentional underwater acoustic emission and is generally not detectable by the enemy. 2. 
acoustic warfare countermeasures—That aspect of acoustic warfare involving actions taken to 
prevent or reduce an enemy's effective use of the underwater acoustic spectrum. Acoustic 
warfare countermeasures involve intentional underwater acoustic emissions for deception and 
jamming. 3. acoustic warfare counter-countermeasures—That aspect of acoustic warfare 
involving actions taken to ensure friendly effective use of the underwater acoustic spectrum 
despite the enemy's use of acoustic warfare. Acoustic warfare counter-countermeasures involve 
anti-acoustic warfare support measures and anti-acoustic warfare countermeasures, and may not 
involve underwater acoustic emissions. 

acoustic warfare counter-countermeasures—See acoustic warfare Part 3. 

acoustic warfare countermeasures—See acoustic warfare Part 2. 

acoustic warfare support measures—See acoustic warfare Part 1. 

active air defense(*)—Direct defensive action taken to [...] 
launched. Other measures which are taken to minimize the effects of hostile air action are cover, 
concealment, dispersion, deception (including electronic), and mobility. See also counter air. 

antisubmarine operation— Operation contributing to the conduct of antisubmarine warfare. 

antisubmarine warfare(*)—Operations conducted with the intention of denying the enemy the 
effective use of submarines. 

attack assessment— An evaluation of information to determine the potential or actual nature and 
objectives of an attack for the purpose of providing information for timely decisions. See also 
damage estimation. 

biological operation(*)-Employment of biological agents to produce casualties in personnel or 
animals and damage to plants or materiel; or defense against such employment. 

biological warfare-See biological operation. 

C2-protection—See command and control warfare. 

chemical warfare-All aspects of military operations involving the employment of lethal and 
incapacitating munitions/agents and the warning and protective measures associated with such 
offensive operations. Since riot control agents and herbicides are not considered to be chemical 
warfare agents, those two items will be referred to separately or under the broader term 
"chemical," which will be used to include all types of chemical munitions/agents collectively. 
The term "chemical warfare weapons" may be used when it is desired to reflect both lethal and 
incapacitating munitions/agents of either chemical or biological origin. Also called CW. See 
also chemical operations, herbicide, riot control agent. 

combined warfare— Warfare conducted by forces of two or more allied nations in coordinated 
action toward common objectives. 

command and control warfare—The integrated use of operations security (OPSEC), military 
deception, psychological operations (PSYOP), electronic warfare (EW), and physical destruction, 
mutually supported by intelligence, to deny information to, influence, degrade, or destroy 
adversary command and control capabilities, while protecting friendly command and control 
capabilities against such actions. Command and control warfare applies across the operational 
continuum and all levels of conflict. Also called C2W. C2W is both offensive and defensive: a. 
counter-C2—To prevent effective C2 of adversary forces by denying information to, influencing, 
degrading, or destroying the adversary C2 system. b. C2-protection—To maintain effective 
command and control of own forces by turning to friendly advantage or negating adversary 
efforts to deny information to, influence, degrade, or destroy the friendly C2 system. See also 
command and control; electronic warfare; intelligence; military deception; operations security; 
psychological operations. 

counterguerrilla warfare(*)—Operations and activities conducted by armed forces, paramilitary 
forces, or nonmilitary agencies against guerrillas. 
damage estimation—A preliminary appraisal of the potential effects of an attack. See also attack 
assessment. 

directed-energy protective measures—That division of directed-energy warfare involving 
actions taken to protect friendly equipment, facilities, and personnel to ensure friendly effective 
uses of the electromagnetic spectrum that are threatened by hostile directed-energy weapons and 
devices. 

directed-energy warfare—Military action involving the use of directed-energy weapons, 
devices, and countermeasures to either cause direct damage or destruction of enemy equipment, 
facilities, and personnel, or to determine, exploit, reduce, or prevent hostile use of the 
electromagnetic spectrum through damage, destruction, and disruption. It also includes actions 
taken to protect friendly equipment, facilities, and personnel and retain friendly use of the 
electromagnetic spectrum. Also called DEW. See also directed energy; directed-energy device; 
directed-energy weapon; electromagnetic spectrum; electronic warfare. 

directed-energy weapon—A system using directed energy primarily as a direct means to damage 
or destroy enemy equipment, facilities, and personnel. See also directed energy; directed-energy 
device. 

economic warfare—Aggressive use of economic means to achieve national objectives. 

electromagnetic intrusion—The intentional insertion of electromagnetic energy into 
transmission paths in any manner, with the objective of deceiving operators or of causing 
confusion. See also electronic warfare. 

electronic warfare—Any military action involving the use of electromagnetic and directed 
energy to control the electromagnetic spectrum or to attack the enemy. Also called EW. The 
three major subdivisions within electronic warfare are: electronic attack, electronic protection, 
and electronic warfare support. a. electronic attack—That division of electronic warfare 
involving the use of electromagnetic or directed energy to attack personnel, facilities, or 
equipment with the intent of degrading, neutralizing, or destroying enemy combat capability. 
Also called EA. EA includes: 1) actions taken to prevent or reduce an enemy's effective use of 
the electromagnetic spectrum, such as jamming and electromagnetic deception, and 2) 
employment of weapons that use either electromagnetic or directed energy as their primary 
destructive mechanism (lasers, radio frequency weapons, particle beams). b. electronic 
protection—That division of electronic warfare involving actions taken to protect personnel, 
facilities, and equipment from any effects of friendly or enemy employment of electronic warfare 
that degrade, neutralize, or destroy friendly combat capability. Also called EP. c. electronic 
warfare support—That division of electronic warfare involving actions tasked by, or under direct 
control of, an operational commander to search for, intercept, identify, and locate sources of 
intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat 
recognition. Thus, electronic warfare support provides information required for immediate 
decisions involving electronic warfare operations and other tactical actions such as threat 
avoidance, targeting, and homing. Also called ES. Electronic warfare support data can be used 
to produce signals intelligence (SIGINT), both communications intelligence (COMINT), and 
electronics intelligence (ELINT). See also command and control warfare; communications 
intelligence; directed energy; directed-energy device; directed-energy warfare; directed-energy 
weapon; electromagnetic compatibility; electromagnetic deception; electromagnetic hardening; 
electromagnetic jamming; electromagnetic spectrum; electronics intelligence; frequency 
deconfliction; signals intelligence; spectrum management; suppression of enemy air defenses. 

guerrilla warfare(*)— Military and paramilitary operations conducted in enemy-held or hostile 
territory by irregular, predominantly indigenous forces. See also unconventional warfare. 

indications and warning— Those intelligence activities intended to detect and report time- 
sensitive intelligence information on foreign developments that could involve a threat to the 
United States or allied military, political, or economic interests or to U.S. citizens abroad. It 
includes forewarning of enemy actions or intentions; the imminence of hostilities; insurgency; 
nuclear/non-nuclear attack on the United States, its overseas forces, or allied nations; hostile 
reactions to United States reconnaissance activities; terrorists' attacks; and other similar events. 

information warfare— Actions taken to achieve information superiority by affecting adversary 
information, information-based processes, information systems, and computer-based networks 
while defending one's own information, information-based processes, information systems, and 
computer-based networks. [CJCSI 3210.01, 1996] 

integrated warfare— The conduct of military operations in any combat environment wherein 
opposing forces employ non-conventional weapons in combination with conventional weapons. 

JAVA— An object-oriented, platform-independent programming language, often used to create 
small cross-program executable software applications called applets that are downloaded from 
remote sites and that execute automatically. 

mine warfare— The strategic, operational, and tactical use of mines and mine countermeasures. 
Mine warfare is divided into two basic subdivisions: the laying of mines to degrade the enemy's 
capabilities to wage land, air, and maritime warfare; and the countering of enemy-laid mines to 
permit friendly maneuver or use of selected land or sea areas. 

naval coastal warfare— Coastal sea control, harbor defense, and port security, executed both in 
coastal areas outside the United States in support of national policy and in the United States as 
part of this Nation's defense. Also called NCW. 

naval special warfare— A specific term describing a designated naval warfare specialty and 
covering operations generally accepted as being unconventional in nature and, in many cases, 
covert or clandestine in character. These operations include using specially trained forces 
assigned to conduct unconventional warfare, psychological operations, beach and coastal 
reconnaissance, operational deception operations, counterinsurgency operations, coastal and river 
interdiction, and certain special tactical intelligence collection operations that are in addition to 
those intelligence functions normally required for planning and conducting special operations in 
a hostile environment. Also called NSW. 

nuclear warfare(*)-Warfare involving the employment of nuclear weapons. See also postattack 
period; transattack period. 

operations security—A process of identifying critical information and subsequently analyzing 
friendly actions attendant to military operations and other activities to: a. Identify those actions 
that can be observed by adversary intelligence systems. b. Determine indicators hostile 
intelligence systems might obtain that could be interpreted or pieced together to derive critical 
information in time to be useful to adversaries. c. Select and execute measures that eliminate or 
reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. 
Also called OPSEC. See also command and control warfare; operations security indicators; 
operations security measures; operations security planning guidance; operations security 
vulnerability. 

perception management—Actions to convey and/or deny selected information and indicators to 
foreign audiences to influence their emotions, motives, and objective reasoning; and to 
intelligence systems and leaders at all levels to influence official estimates, ultimately resulting in 
foreign behaviors and official actions favorable to the originator's objectives. In various ways, 
perception management combines truth projection, operations security, cover and deception, and 
psychological operations. See also psychological operations. 

political warfare—Aggressive use of political means to achieve national objectives. 

psychological operations—Planned operations to convey selected information and indicators to 
foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the 
behavior of foreign governments, organizations, groups, and individuals. The purpose of 
psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the 
originator's objectives. Also called PSYOP. See also perception management. 

psychological warfare—The planned use of propaganda and other psychological actions having 
the primary purpose of influencing the opinions, emotions, attitudes, and behavior of hostile 
foreign groups in such a way as to support the achievement of national objectives. Also called 
PSYWAR. 

strategic air warfare—Air combat and supporting operations designed to effect, through the 
systematic application of force to a selected series of vital targets, the progressive destruction and 
disintegration of the enemy's war-making capacity to a point where the enemy no longer retains 
the ability or the will to wage war. Vital targets may include key manufacturing systems, sources 
of raw material, critical material, stockpiles, power systems, transportation systems, 
communication facilities, concentration of uncommitted elements of enemy armed forces, key 
agricultural areas, and other such target systems. 

tactical warning—1. A warning after initiation of a threatening or hostile act based on an 
evaluation of information from all available sources. 2. In satellite and missile surveillance, a 
notification to operational command centers that a specific threat event is occurring. The 
component elements that describe threat events are: Country of origin—country or countries 
initiating hostilities. Event type and size—identification of the type of event and determination of 
the size or number of weapons. Country under attack—determined by observing trajectory of an 
object and predicting its impact point. Event time—time the hostile event occurred. Also called 
integrated tactical warning. See also attack assessment; strategic warning. 

tactical warning and assessment—A composite term. See separate definitions for tactical 
warning and for attack assessment. 
unconventional warfare—A broad spectrum of military and paramilitary operations, normally of 
long duration, predominantly conducted by indigenous or surrogate forces who are organized, 
trained, equipped, supported, and directed in varying degrees by an external source. It includes 
guerrilla warfare and other direct offensive, low visibility, covert, or clandestine operations, as 
well as the indirect activities of subversion, sabotage, intelligence activities, and evasion and 
escape. Also called UW. 
22 JAN 1997 

Ref: 97-F-0073 



Mr. David A. Banisar 

Electronic Privacy Information Center 
666 Pennsylvania Avenue, S.E., Suite 301 
Washington, D.C. 20003 

Dear Mr. Banisar: 

This letter responds to your January 9, 1997, Freedom of 
Information Act (FOIA) request. The telephone conversation with 
Commander Voorhies of this Directorate on January 21, 1997, 
refers. 

As agreed in the telephone conversation with Commander 
Voorhies, the enclosed document is provided as responsive to your 
request. There are no chargeable costs for processing your FOIA 
request in this instance. 

Sincerely, 

A. H. Passarella 
Director 

Freedom of Information 
and Security Review 



Enclosure: 
As stated 